Tanya Harris

In the past companies have focused on protecting themselves from outside attacks, with the changing landscape of data protection it is essential that companies look within. Over the course of the last few years industry has witnessed an alarming increase in the number of cyber-related incidents, ranging from relatively unsophisticated “port scans” to full-scale attacks on networks resulting in disruption and denial of services, or mass data theft and leakage.

In response to this growing problem, organisations are increasing their expenditure on network security solutions, remote malware detection services etc. the list is endless. They are, in effect, deploying the full weight of computer science at a 21st century cybersecurity arms race.

Whilst technology is important, it represents just part of an overall solution that must also include the culture elements of the business to ensure that security becomes integrated into the fabric of the organisation.

Every company’s data is valuable to someone, be it credit card data, medical records or intellectual property. When placed into the wrong hands, it can cause mass financial loss and reputational damage to a business. With insider threat being a major part of cyber security, it is not enough to tackle this issue from IT alone, and with the long-awaited mandatory EU GDPR breach notification laws coming into force in March 2018, it is impossible for any business with clients in Europe to ignore the issue of insider threat and data security.

Topic looks at data breaches and the link to insider threat, as technologies that stop one type of insider attack may not necessarily be effective against others, therefore IT needs support from other divisions in order to effective tackle this growing problem.