IBM: Employees, not outsiders, are responsible for majority of cyber threats
The number one threat to healthcare data isn't the most obvious. Rather than malevolent, faceless hackers, it's often an organization's own employees who open the door to theft, malware, ransomware and a host of other problems, according to IBM's 2016 Cyber Security Intelligence Index.
Sixty percent of all attacks in 2015 were made by insiders - employees, contractors, consultants and third-party vendors - with malicious intent or inadvertent actors. Inadvertent actors are initiated or instigated by trustworthy people within an organization.
Two-thirds of these attacks were fueled by malicious intent and the rest were the result of inadvertent actions.
These insiders have insights to a company's potential weaknesses and potential access to insider-only data, including physical or remote access to company assets. This allows for an obvious opportunity as it's unlikely they need to bypass protection systems, according to the report.
Harvard Business Review describes the primary types of insider risks as human error, such as stolen devices or misaddressed emails; malicious employees and cybercriminals with stolen employee identities through malware or phishing schemes.
"It's difficult to think of your employees as a potential threat. And while thankfully the great majority of them pose no threat whatsoever, we know that at least some of them do," the report's authors said.
The IBM study also found the healthcare industry topped the list of industries under attack, followed closely by the manufacturing and financial service industries. The personal nature of the data makes healthcare a prime target for these types of attacks.
IBM's average client company experienced about 53 million security events in 2015, 1,157 attacks and on average about 178 security incidents – up 66 percent from the 109 in 2014. This is about 3.4 incidents a week.
An "event" refers to a security issue detected by a security device or application, according to the report, while an "incident" refers to an attack that requires a deeper investigation.
Unauthorized access is the leading cause of incidents across IBM clients' landscape, with 45 percent of all incidents citing this as the cause. Interestingly, 29 percent were caused by malicious code, like ransomware. Other sources include sustained probe (16 percent), suspicious activity (6 percent) and access or credentials abuse (3 percent).