CIOReview
November 2015

Data Breach Threats Lurk Within

By Steve Doston, CISO & VP, First Advantage

Almost every day, the media reports a cybersecurity breach. Target, Home Depot, Sony Pictures, the Internal Revenue Service, the U.S. Government, big banks, hotels, and supermarkets have all been victims of cyber attacks. Recently a major league baseball team was accused of hacking a rival team's data in a case of corporate espionage. Billions of dollars are lost, reputations are damaged, and business is left disrupted in the wake of data breaches.

And while the big names make the news, small businesses are proving to be equally vulnerable. A survey of 675 small businesses by the National Small Business Association found that half of them were victims of information theft in 2014.

The war against electronic data theft is being fought on two fronts, although one front makes more headlines than the other. External threats generate a lot of attention, and rightly so. Online hacking rings and foreign governments are constantly scouring targets, sometimes making off with millions of records: credit card information, health records, employee data, and other personal information.

However, the ongoing battle that is overlooked is the one against intrusion from inside organizations. A 2014 report from the Ponemon Institute, a research center dedicated to privacy and data protection, claims that 15 percent of the time, a trusted insider with malicious intent was the root cause of a data breach. A 2012 report from the Software Engineering Institute on Mitigating Insider Threats puts that figure even higher, stating that 21 percent of cybercrimes were committed by insiders.

Workforce Screening for Better Data Protection

The Computer Emergency Response Team (CERT) Program from Carnegie Mellon University's Software Engineering Institute recommends using the hiring process as a starting point for mitigating insider threats. Measures such as background screening can help employers make trust-based hiring decisions. In fact, First Advantage conducted a survey of 337 professionals, including human resources, risk management, and C-suite executives, about their attitudes toward internal and external security threats. Sixty percent of respondents said background screening of new employees is the most important security control that can be put in place to protect organizations from data breaches. Anti-malware ranked second (53 percent), followed by physical security and physical access controls (39 percent).

Human Resources and Security

Organizations need to determine where their information assets are,