By David Klopp …

Cyber risk discussions often center around how criminals, nation states, hacktivists and/or terrorists could breach perimeter defenses to carry out objectives such as data theft, denial of service and financial fraud. But what about the trusted employees, contractors and third-party suppliers that already have legitimate access to your systems and data? These are commonly neglected data breach vulnerabilities.

Independent research and years of Kroll’s extensive global fieldwork have shown that trusted insiders can actually pose a greater cyber risk to a business, whether by accidentally or negligently exposing data or by acting with malicious intent. For example, many incidents are traced back to employees carelessly clicking a phishing email link that delivers malicious software or steals credentials, or sending confidential data to a personal email account “to work from home.” Employees can also be tricked into changing payment details in response to a message received from a compromised email account. We have also encountered cases where proprietary source code was posted to a public repository, and cases where former employees took client lists, source code, proposals, etc., to a competitor upon changing jobs.
