Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Internal cyber threats growing, but security ramping up: Analysis

Reprints

The malicious insider threat to a company's cyber operations will become more visible in 2014, Kroll said Tuesday.

The New York-based risk mitigation and response solutions firm predicted in its “2014 Cyber Security Forecast” that almost half of data breaches will come at the hands of firm insiders next year.

“However, as the federal government and individual states add muscle to privacy breach notification laws and enforcement regimes, the hidden nature of insider attacks will become more widely known,” Kroll said in the analysis.

“There's a tremendous amount of data compromised today where the act is never discovered or disclosed,” Kroll Managing Director and cyber investigations practice Leader Timothy P. Ryan said in a statement. “People discount the insider threat because it doesn't make the news. Instead, we see headlines about external credit card breaches and theft of personally identifiable information, because regulations mandate accountability and punishment is expensive. The insider threat is insidious and complex.”

To thwart such threats, general counsel, information security and human resources must work collaboratively, according to the analysis. Implementing a requirement to disclose to the Securities and Exchange Commission any “material losses” due to internal cyber threats may serve as the model for firms to “be more transparent and answerable for allowing bad actors to go unpunished.”

%%BREAK%%

Other trends forecast by Kroll for next year include:

• The National Institute of Standards and Technology's security framework and similar security frameworks will become the de facto standards of best practices for all companies.

• The data supply chain will pose continuing challenges to even the most sophisticated enterprises.

• Corporate board audit committees will take greater interest in cyber security risks and their organization's plans to address them.

• Sophisticated tools will enable companies to quickly uncover data breach details and react faster.

• New standards related to breach remediation are gaining traction and will have a greater effect on corporate data breach responses.

• As the adoption of the cloud and bring-your-own-device policies continue to accelerate, greater accountability will be required of information technology departments to implement policies and manage technologies.