Insider data breaches, in which employees and third-party contractors expose a company’s sensitive information, are becoming both more common and more expensive.
This is according to a new report from AtlasVPN, which claims that more than four in ten businesses (41 percent) experienced at least one insider attack in the last 12 months. Some suffered up to five attacks in the same time period, 12 percent saw between six and ten and a further 7 percent suffered 20+ attacks of this kind.
The majority of businesses affected (49 percent) had to shell out up to $100,000 in the aftermath an insider breach, while a third (30 percent) were forced to pay as much as $500,000 per incident. For one in eight, expenses went up to $1 million.
The report argues that insider threats could even be more dangerous than outside equivalents, mostly because the same rules do not apply. While criminals need to find a way into the network, employees and third-party contractors are inside by default.
While some of these insiders intend to hurt the business (either because unsatisfied by their current status or they want to take the data to a new company), others are simply negligent. Whatever the reason, the results are expensive, especially if the incidents go public and hurt the company’s image.
AtlasVPN says that if businesses are to protect from insider threats, they need to allow employees access only to data and tools they need to get the job done. They should also train their employees better, to minimize the potential of negligent exposure.