The Verizon 2013 Data Breach Investigations Report provides insight into the role of insiders when data is breached.
Attackers targeted mostly finance, retail, and food service industries. Attackers profit from selling payment data or personal information. Almost all states and the District of Columbia have data breach laws governing this type of incident.
Here the attackers were seeking intellectual property – trade secrets, sensitive internal data, or systems information. The targeted industries were Manufacturing, Professional Services and Transportation. This raises issues of liability or economic loss.
There are two important statistics associated with cyber-espionage campaigns.
But, Verizon also states that External Actors are involved in over 90% of all data breaches. So, often an external actor recruits or coerces an insider.
Include insider threats and the potential impact of a data breach in your risk assessment.
When dealing with insider threats, consider the legal and human resource issues. Managing employees or contractors involves legal and regulatory issues. When dealing with a data breach, appropriate legal steps need to be followed.
Coordinated Response can help you develop a plan that anticipates the unique actions needed to address a data breach or an insider threat.