6 CYBER RECOMMENDATIONS AGAINST INTER-BUSINESS THREATS INCREASING BY 56%!

One of the biggest threats to businesses isn’t always competition or cybercriminals. Employees can also intentionally or unintentionally compromise an organization’s network, data, or devices. According to research, internal threats cost companies an average of 11.23 million dollars and Komtera Technology Sales Director Gürsel Tursun lists 6 necessary steps to prevent internal cyber threats.

According to the Ponemon Institute’s Internal Threats Global Report 2022 investigation of corporate insider threats, on average more than $180,000 is spent to contain the effects of an insider threat. Komera Technology Sales Director Gürsel Tursun, emphasizing that according to research data, companies are not taking precautions against increasing threats, argues that companies should not ignore the need to use the right endpoint solutions that will strengthen their evolving technology and cybersecurity. Tursun notes that steps need to be taken to prevent internal threats, which cost companies an average of $11.23 million, and makes 6 suggestions that will provide security against internal threats.

Increased 56 in the last 1 year!

Remote attackers aren’t the only threats organizations need to consider in their cybersecurity planning. Malicious, negligent and compromised users continue to pose a serious and growing risk. As the Ponemon Institute has revealed, threats from within have increased by 56 in the past year, taking an average of 85 days to contain an attack. Komtera Technology Sales Director Gürsel Tursun, who stated that the vulnerabilities of many companies in their cybersecurity, especially during the pandemic period, led to the increase in attacks due to internal threats, explains the cybersecurity policies that companies must implement against internal threats.

1. Remote working policies should be permanent, not temporary.As a starting point, companies must implement a strong, comprehensive remote work policy that directly addresses the security of corporate networks and data. Establishing a solid remote work policy is a simple yet effective way to combat threats from within, especially those caused by carelessness or negligence.

2. Use of VPN or MFA should be mandatory for employees.It is important for data security to take the necessary precautions to connect remote corporate employees to corporate networks. In particular, solutions such as VPN, multi-factor authentication and password management that can keep data safe and prevent data leaks from networks must be present on working devices.

3. The use of public Wi-Fi should be avoided.Connecting to important company data over unsecured Wi-Fi networks seems like a special invitation for hackers. Access to corporate data over unsecured and publicly accessible networks must be prevented.

4. Employees must be trained against social engineering attacks.Social engineering investigations are arguably the single most important factor that turns internal threats into remote attacks during the working period. By performing phishing, malware attacks on vulnerable devices and careless employees, hackers perform an easy and lucrative cyber attack. Company employees should be trained and informed about these issues through webinars.

5. The steps of the employees must be followed.Employee monitoring is an essential part of an effective defense against insider risk. Companies should monitor employees’ use of electronic data for unusual activity, especially if the data is extracted from the corporate network. Data monitoring not only detects data breaches when they occur, it can also deter employees from taking unnecessary risks when accessing or using company data.

6. Access restrictions and controls must be firmly held.Companies must apply the principle of “least privilege” by granting employees only the minimum level of access or privilege necessary to perform their duties and responsibilities. Likewise, companies should regularly review employee access rights to employee data and terminate employee access to data or accounts that are no longer in use or that employees no longer need to fulfill their job responsibilities.

Source: (BHA) – Beyaz News Agency