The danger within: internal risks increasing, claims new PwC report
Amid a complex and constantly changing risk landscape, internal cyber attacks are an increasing threat that can damage a company’s profits and reputation, according to PwC’s ‘Global State of Information Security Survey’, published this week.
Indeed, large volumes of data are lost each day in this way through mistakes, misuse or malicious attacks. The PwC survey contends that the threat to an organisation no longer comes purely from outsiders and that insider risk is now a matter of growing concern.
Drilling down, the top insider risk and source of security incidents for UK organisations is current employees, with former employees a close second. In addition, third parties, including service providers, consultants or contractors, are also now increasingly likely to be the cause of a cyber threat to a business.
In light of the reconfigured threat, the survey highlights four key trends: (i) digital businesses are adopting new technologies and approaches to cyber security; (ii) threat intelligence and information sharing have become business-critical; (iii) organisations are addressing risks associated with the internet of things (IoT); and (iv) geopolitical threats are rising.
“Organisations spend so much time focusing on protecting themselves from external threats that it’s often easy to forget the insider risk – stemming not only from employees, but also a wider ecosystem of business partners,” said Richard Horne, cyber security partner at PwC. “Business leaders need to shine a light on who has access to their critical systems and data. Poor access governance and controls can damage not only your reputation but ultimately profit.”
The report also examines the likely impact of the EU’s General Data Protection Regulation (GDPR), which is due to come into effect in April 2018. In essence, the GDPR means an uptick in privacy demands that will require companies to refocus their data privacy arrangements.
“GDPR requires a level of internal control over privacy practices we’ve never seen before,” said Jay Cline, cyber security and privacy principal at PwC. “A half-billion EU citizens will be poised to hold multinationals accountable to this higher bar through new rights they will begin exercising one spring morning a year and a half from now.”
The ‘Global State of Information Security Survey’ showcases the views of more than 10,000 CEOs, CFOs, CIOs, CISOs, CSOs, VPs and directors of IT and security practices from more than 133 countries (34 percent of respondents are from North America, 31 percent from Europe, 20 percent from Asia Pacific, 13 percent from South America and 3 percent from the Middle East and Africa).