According to the Department for Business, Innovation and Skills*, nine out of 10 large organisations suffered at least one major security breach in the last year. More concerning is the fact that an increasing number of those breaches were internal: 75% of large organisations experienced a staff-related network breach, up from 58% in the previous year. Cyber criminals are now turning their attention inwards and, by obtaining employees’ email and password details, mounting security attacks from the inside.
Social media accounts, such as Facebook, make it easy for criminals to glean information about staff members, enabling them to pose as friends. By tricking employees into opening booby-trapped emails, fraudsters are able to steal credentials, which are then used to access the company’s network.
Those networks are in many cases already vulnerable. IT departments are overwhelmed by the sheer volume of information supplied by their intranet monitoring systems, much of it causing false alarms.
ID protection in major companies is a huge cause for concern and requires company security analysts to take a new approach. An understanding of what is ‘normal’ activity for the company, combined with more sophisticated technology to better identify risks, is needed to spot a breach before it becomes serious.
Stolen staff identity details pose a threat to each and every company in the UK unless those companies are made aware of the compromises and monitor them continually.
*Department for Business, Innovation and Skills, 2015 Information Breaches Survey.