A man uses a laptop in a cafe in downtown Hanoi. — © AFP

There is no doubt that most data breaches involve people. And more and more often, the human risk comes from insiders. By focusing on insiders, organizations have a great opportunity to proactively identify and mitigate risk long before a costly incident occurs.

The next iteration of National Insider Threat Awareness Month. The event takes place annually in September and was launched in 2019 to help organizations and individuals better understand insider threats and promote the development of strategies to combat them.

Although the initiative originates from the National Counterintelligence and Security Center (NCSC) in collaboration with the National Insider Threat Task Force (NITTF) and other U.S. agencies, many organizations and countries around the world recognize the importance of raising awareness of insider threats and are now actively participating in related activities and initiatives.

In an earlier article prior to the event Digital Journal In a discussion with a local expert, the precarious risk that some employees pose to the company was pointed out.

The advice of the experts continues. For our second part, we consider the opinions of Carl D’Halluin, CTO, Datadobi.

D’Halluin focuses on the costs to companies of insider threats. He explains the cost to the economy: “National Insider Threat Awareness Month is an important reminder not to underestimate the importance of risks from within – whether they are malicious or the result of negligence. To get a clearer picture of how big these risks are, the Ponemon Institute’s 2023 Cost of Insider Risks Global Report found that the average annual cost of an insider risk increased to $16.2 million per company in 2023, while the average time to contain an incident increased to 86 days, compared to $15.4 million and 85 days in 2022.”

D’Halluin gets into specific topics and examines some of the vulnerabilities that can bring insider threats to the forefront: “Some may be surprised to learn that unstructured data is actually the most vulnerable, as it is the predominant data type (80 percent of data). It is the most difficult to manage, secure and protect and often contains valuable and confidential information, making it quite attractive to those who wish to exploit it for personal gain or corporate sabotage.”

Therefore, intentional actions by employees are something that must be taken seriously. It is important to find coherent solutions and this is where v recommends: “So during National Insider Threat Awareness Month – and all year round – take decisive action to protect your unstructured data from insider threats. Invest in your employees – train them and provide them with the solutions they need to gain insight and control over your unstructured data scattered across all environments – local, remote and in the cloud. Next, foster a culture of accountability and vigilance because some insider threats are simply the result of human error. The survival and success of your business is at stake – so isn’t an ounce of prevention worth a pound of cure?”