The Digital Guardian asked 47 security experts to discuss what they think is a bigger threat to an organization, an insider or an outsider. Light Point Security’s CTO, Beau Adkins, was invited to participate on the panel of security experts to discuss what he has seen over the course of his career. Here’s what he had to say:
“In my experience, the biggest threat to a company’s data is posed by…”
Insiders. However, they are most often not deliberately a threat. Outsiders are the ones who have bad intentions, but they don’t have access. Network restrictions are usually strong enough to keep them out. So instead they focus their efforts on tricking unsuspecting insiders into opening the doors for them. And once inside, they are indistinguishable from the insiders.
Employee web browsing is one of the most used pathways to accomplish this. Outsiders set up a website capable of exploiting any computer that browses to it, then they send emails to the insiders that entice them to click a link to that site. Most employees will not take the bait, but it just takes one person to give in to curiosity and click the link.
Malicious outsiders are very good at this. They can craft emails that look like they are from someone within the company and reference projects or people that the recipient knows. It can be very difficult to tell these emails are not legitimate. With a little perseverance, it’s just a matter of time before someone clicks.
Because of this, efforts to protect the company from malicious outsiders can only go so far. Companies today must prioritize protecting against threats from their own insiders. One employee clicking the wrong link doesn’t have to put the whole company at risk.
Check out what the other experts had to say by reading the full article on Digital Guardian.