According to a recent survey by Microsoft, which includes feedback from over 300 US security and compliance professionals, building trust with employees and protecting their privacy are the best ways companies can tackle internal cyber threats.
In a time where around 60% of data breaches are caused by internal risks, the survey also stresses the importance of promoting awareness through training and education sessions.
Despite less than half of large US businesses failing to prioritize cybersecurity, holistic approaches continue to be the best way to keep your business safe from internal or external threats, as this study proves. So, if you're interested in keeping your business safe, read on to discover Microsoft's top tips.
The Insider Cyberthreat Landscape Is Growing
Too often, companies overlook the potential danger of internal cyber risks, even as they become one of the primary sources of data breaches.
Defined by Microfocus as a “cybersecurity risk that originates from within an organization,” this type of vulnerability can take many forms — from workers accidentally falling victim to phishing scams, to employees intentionally stealing data to share with actors outside the company.
Compared to external threats like malware, ransomware, and denial-of-service (DDoS) attacks, internal threats have a habit of falling under the radar. However, research from ProofPoint reveals that incidents of insider threats have increased 22% in 2022 compared to 2021, with the average attack costing a whopping $15.38 million.
As this data makes clear, the impact of insider threats can prove to be very costly. What's more, aside from financial damages, compromised customer data and tainted reputations also have major consequences that victims of insider threats need to deal with.
So, with instances of insider threats growing in number and impact, how can businesses prevent data from leaking outside their parameters?
Promoting Employee Trust and Privacy Are The Best Ways to Avoid Internal Risks
Well, according to Microsoft's new security report — which details the survey results of over 300 security and compliance professionals — building employee trust and prioritizing privacy are the best ways companies can tackle this epidemic. However, the software firm also stresses that these measures should only form part of a wider holistic cybersecurity strategy.
“An employee-employer relationship rooted in trust can help build that first line of insider risk defense.”
The survey took responses from companies with fragmented, evolving, and holistic cybersecurity approaches, with the former lacking an insider risk program, and the latter already enacting a comprehensive risk prevention strategy.
While quizzed about the challenges of internal risk prevention, 72% of holistic firms cited employee trust as a top priority, compared to 38% of fragmented firms, while 66% of holistic companies prioritized the privacy rights and civil liberties of their workforce, compared to 43% of fragmented companies.
But what do these results mean for businesses grappling with lurking insider risks? According to the report, by curating stronger employee-employer relationships, and trusting your staff to help protect your company, a higher level of security can be guaranteed.
“If your employees and departments buy in and are effectively educated, the impact on your organization can be profound.”
Additionally, by adopting a positive organizational structure that identifies the root causes of insider threats, instead of identifying and punishing individuals, employee confidence is also likely to improve as a result.
All things considered, this can truly be a win for your whole team — but it's not the only action Microsoft recommends taking.
What Else Did Microsoft's Survey Reveal?
According to Microsoft's recent release, aside from trusting your team and being mindful of their privacy, educating them about the risks of insiders threat should be a top priority.
Specifically, by detailing the impact insider threats can have on the company, employees, and job security, and boosting awareness around important issues such as information being shared with competitors, inappropriate data leaks, and inadvertent data sharing, major risk factors can be mitigated.
This shouldn't just happen once in a blue moon, either. Microsoft also maintains the importance of carrying out training sessions frequently to keep dialogues around cybersecurity open to reduce cases of cyber negligence.
These are just some methods your businesses can take to navigate the threat landscape. Check out Tech.co's top internet safety tips to discover other valuable ways to say safe online.