The Verizon Data Breaches report released last week indicates there are now more data theft incidents involving “trusted parties” (read: employees) than ever before.
“While payment chain personnel and end-users were still prominent, managers (including those in the C-suite) came in higher than in prior years. They often have access to trade secrets and other data of interest to the competition and, tragically, are also more likely to be exempted from following security policies because of their privileged status in the company”, the report reveals.
Another survey documented in The Recover Report, reveals that the two most common intellectual theft scenarios involve perpetrators taking the data to start their own competing company (30%) or to help secure employment with a rival (65%).
What can you do to prevent the abuse of your data by malicious employees (or former employees)?
A preventative approach is vital. Business owners should carefully consider the resources currently deployed to assess and manage the risks to their critical business data, and include the ubiquitous “people” factor in their risk assessment activities.
This brings us to the importance of having a robust risk management structure that is comprehensive and fail-safe. Vigilant Software has just released the latest version of its popular vsRisk™ cyber security software. The new vsRisk 2.3 offers a host of intelligent new features, and is fully compatible with the international information security standard, ISO27001:2013, which supports flexible options for conducting risk assessments.
For organisations planning to conduct a risk assessment, vsRisk™ provides a simple framework that is easy to follow, and offers built-in, searchable databases of threats and vulnerabilities and common risk scenarios. It also supports the option to add additional, customised risks and controls, and other great benefits, such as providing the risk assessor with the ability to create views and categories based on either risks, owners, assets or customised groups, in addition to sub-groups.
Another brand new feature introduced by the new version is the ability to conduct assessments on multiple, different information security management systems (ISMSs). The risk assessor can easily switch between multiple ISMSs from a single tool, across different companies and geographic locations. This feature will be especially useful to consultants and organisations with numerous, segregated ISMSs.
A 15-day trial copy of the new version can be downloaded from the Vigilant website.