ClickCease September Tech Tip - Sacramento, CA - Cybersecurity Experts in Northern California

September Tech Tip

Insider Threat vs. External Threat

Insider versus External Threat

Insider threats make everyone in the workplace look over their proverbial cyber shoulder to see who might be a bad actor from within. (An insider threat is when a data breach is caused by someone from inside a company, as opposed to someone from outside the company.) Indeed, according to Verizon’s 2022 Data Breach Investigations Report (DBIR), bad actors from the inside are liable to cause more damage than those from the outside, citing that “privileged parties are able to do more damage to [an] organization than outsiders” (2022 Verizon DBIR, page 12). However, the percentage of data breaches by inside threats is less than that by external threats: some 80% of actors in data breaches are external and nearly 20% are internal (DBIR, page 11, figure 11). It was once believed (in 2008) that insider threats outnumbered external ones. However, with 15 years of research, it is now known (as of this year, 2022) that external bad actors are consistently more common than internal bad actors (DBIR, page 11).

So, since the external bad actors are the primary cause of data breaches, you can rest assured that everything on the inside is peachy-keen, right? Wrong! As Verizon states, the “human element continues to be a key driver of 82% of breaches” (DBIR, page 33). What does that mean? It means that external bad actors do something called “social engineering,” which is where bad actors will implement phishing attacks or pretexting attacks, as emails that appear to be from someone that they are not actually from. Social engineering is where a bad actor seeks to manipulate a user to provide personal data, as PII (Personally Identifiable Information). This does not, of course, indicate that everyone on the inside, at your business, is a corrupt cybercriminal; it does mean, however, that everyone in your business, including yourself, is susceptible to social engineering cyberattacks. Why? It is precisely because we’re all human and make mistakes, accidentally clicking on a fraudulent link or replying to a bad email.

With all that in mind, a few things seem to be of great importance:

  1. Make sure to surround yourself (i.e., hire) good people–people who not only have the work ethic to get the job done, but also the good character to be upstanding, rather than upstarts!
  2. Once you’ve got that one under your belt, make sure to hire an MSP that has a reputable reputation, not only longevity in the industry with good reviews on Google, but also a reputation that stands both the tests of time and experience as well as the word-of-mouth test. The “word-of-mouth” test is a shorthand for a company’s reputation among other businesses and clients; it’s what people really think about a business.
  3. Continue to be vigilant against cyberattacks, both internal and external–though especially external threats. To do this, you will need both good employees as well as a good MSP servicing your company.

Optimization of your productivity, efficiency and tech investments

Running a business, especially a small business, is hard work! We know it’s challenging to simply maintain staffing, to locate business opportunities for growth, to maximize and increase cashflow, to comply with government regulations, to provide employees with healthcare, and to carve out time to make it all happen! On top of that, in today’s world economy, you simply must have cybersecurity–just one more thing to think about. That’s where we come in: we provide peace of mind that all your data, both of your company and your employees as well as your clients and customers is kept safe online. Book a consultation today here or via the button below or reach us at (916) 696-7200 for more information on how we might be able to service your company as one of the most reliable external IT service providers in the Greater Sacramento area and beyond!