I don’t agree that insider threats are more of a problem than external threats, but I am glad to see insider threats – including “human error” incidents get more attention. Jai Vijayan reports:
The healthcare industry’s ability to defend against cyberthreats is being seriously undermined by its own workforce, according to two separate reports released this week.
In an analysis of 1,368 security incidents at healthcare organizations in 27 countries, Verizon found that nearly six out of 10 (58%) security incidents involve insiders. That figure, according to Verizon, makes healthcare the only sector where internal actors pose the biggest threat to an organization’s cybersecurity posture than external actors.
See, that’s partly where I disagree. I think we just find out more about insider incidents in the healthcare sector than in other sectors because of HIPAA disclosure/notification requirements.
In an Accenture report based on a survey of 912 healthcare employees in the US and Canada, some 18% of the respondents — or nearly 1 in 5 — professed their willingness to sell confidential data to unauthorized thirds parties for as little as between $500 and $1,000. Among the malicious activity they were willing to peform: sell login credentials, download data to portable drives, and install tracking software on business systems.
OK. What percent of other sectors’ employees would do the same?
Read more on Dark Reading.