Back to Menu
Connecting You To Opportunity
What can we help you find?
Search|Login|Sign Up
Back to Menu
  • Login
  • Sign Up

Hacking Comes From Both Insiders And Outsiders

By Brian Wallace, writer
Feb 28, 2017
> Technology

Pretending you're safe won't actually make you safer

When was the last time you heard about a major hack or serious data breach? They happen all the time, and most companies are woefully unprepared to deal with them. What’s more, many companies aren’t even doing much to prevent data breaches to begin with. Remember a couple of years ago when Target was the subject of a data breach? That was the result of a contractor installing malware on printers. There are lots of types of threats to cybersecurity, but they fall into two categories that often work in tandem: insiders and outsiders.

  • 90% of espionage threats capture trade secrets
  • 89% of all data breaches in 2015 were motivated by finance or espionage

What is an outsider threat?

Outsider threats are those that come from outside of the organization. They can be from hacktivists, other nation states, white hat hackers, or even your competition. The type of threat will determine the motive- nation states want an economic or military advantage, while white hat hackers want to expose your company’s vulnerabilities so you can set about fixing them. Outsider threats include:

  • Hackers at competitions trying to expose vulnerabilities for a prize or reward
  • Foreign governments trying to gain access to a defense contractor to learn about the latest military technology in development
  • Cybercriminals trying to access financial info for financial gain

What is an insider threat?

Insider threats come from those within an organization, including contractors like the ones who compromised Target. They can be once-loyal employees who have hit hard times or a business partner who wants to take what they can and split. Insider threats include:

  • An employee selling information to the competition for financial gain
  • A business partner being blackmailed by another organization
  • A contractor giving information to your competition out of spite

Insiders and outsiders often work together

Whether an outsider wages a spear phishing attack to compromise your organization’s leadership or your competition sends someone in to pose as a new employee in order to gain access, there is often collaboration between the inside and outside of an organization. This can include:

  • Phishing attacks that target a CEO
  • Espionnage
  • Planting an employee or contractor by the competition
  • Using malware carried in on a USB drive to compromise systems

How can you prevent these attacks?

Training your employees in good security hygiene is the most important step you can take in securing your company’s data, but that won’t prevent all attacks. Companies should be vigilant about keeping up with the latest trends of cyber attacks so they are aware of where the threats are coming from. Basic security measures include:

  • Strong passwords
  • Segmented networks
  • Encryption of sensitive data

Attacks happen

Even if you don’t think there is anything worth stealing from your organization, chances are you are still under attack. Hackers are opportunists, lying in wait for the perfect time to strike. So maybe you haven’t released any info on that new development you will be announcing next spring, but hackers could already be monitoring your activity. An ounce of prevention is worth a pound of cure, as the old saying goes, so why not do a little security checkup anyway?

It’s also important to have a plan in place in case of an attack. Do you have a way to reach customers if they are affected? Do you plan to fix the problem before making an announcement? Having these details hammered out beforehand can really simplify your response in a crisis.

Security checkup

You’ll have to be sure your organization has policies and training in place to prevent data breaches before they get through. This includes:

  • Training employees on security hygiene
  • Having a policy about BYOD (bring your own device)
  • Segment your WiFi network so employees who want to use it for their BYO devices can without compromising the rest of the network
  • Use multi-level access authorizations, only allowing those who need it access to the most sensitive information in your organization
  • Monitor your network for anything out of the ordinary
  • Use encryption to protect the most sensitive data

Information security begins at (your) home (network)

Rather than just installing antivirus software, crossing your fingers, and hoping for the best, take a more proactive approach to securing your company’s data. You may not think there’s a threat, but already someone is trying to get in.

Stock image from Shutterstock. 

Want more advice for your business?
Get free tips from experts in our small business community.
This site is protected by reCAPTCHA. Google's Privacy Policy and Terms of Service apply.
Brian Wallace
Brian Wallace
See Brian Wallace's Profile
Brian Wallace is the President of NowSourcing, one of the world's top infographic design agencies based in Louisville, KY and Cincinnati, OH. Brian also runs a local event to make the Louisville / Cincinnati corridor a more competitive region (#thinkbig) and has been named a 2017 Google Small Business Advisor.
Like the article? Sign up for more great content.Join our communityAlready a member? Sign in.