A new report from Microsoft has urged companies to be on high alert for insider security threats that could pose a significant risk.
According to the Microsoft Insider Risk Report, many employees that deal damage to their organizations, by facilitating data breaches, or similar, do it unknowingly.
Employees stealing IP as they move to another company, and disgruntled workers just looking to deal damage aren’t as frequent of an occurrence as employees taking unsafe actions, not knowing exactly what they’re doing, misusing resources, and doing other things that, unbeknownst to them - leads to data leaks.
Whatever the reason behind insider threats, Microsoft knows one thing - they cost businesses an average of $7.5 million every year.
On top of that, businesses need to address a tarnished image, loss of IP, regulatory fines and other legal issues.
For every two in five organizations (40%), the average cost of a single insider-triggered data breach exceeded $500,000. Almost all impacted firms (84%) have had to deal with customer data loss or theft, as well as brand damage and reputation issues (82%).
These incidents are also quite a common occurrence, the report further states, adding that they happen more frequently than malicious events. The average number of insider events was approximately 12 a year (or one every four weeks), while companies suffer roughly eight malicious events a year.
Things are only going to get worse going forward, Microsoft warns, as the proliferation of remote and hybrid working continue to create more and more risks for the average organization. For more than a third of respondents, insider risk incidents increased over the course of the past 12 months. Two in five (40%) expect the number of incidents to only increase in the future, with departing employees spearheading the worrying statistic.
In fact, two-thirds agree that insider incidents coming from departing employees is one type of insider risk “that is becoming more commonplace”.
- Here's our rundown of the best firewalls right now
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.