Oxford Study Warns Against Internal Cyber-Attacks
In a new Harvard Business Review article, Professor David Upton of Saïd Business School and Professor Sadie Creese of Oxford’s Global Cyber Security Capacity Centre warn that internal cyber attacks against companies are an increasing threat that costs tens of billions of dollars a year worldwide and ruin companies. Their study found that while many organisations are intensifying their defences against external attack, these widely used safeguards are often ineffective against attacks involving insiders. Such attacks from insiders, be they from employees, suppliers, or other companies legitimately connected to a company’s computer system, pose a more pernicious threat than external attacks.
Over the past two years, Professor Upton and Professor Creese have led an international research project whose goal is to provide a significant step change on insider threat prevention and detection so companies can be better protected. The study found that many managers were ignorant of the threat of insider attacks and the risks it posed from fraud, sabotage, intellectual property theft, and corporate terrorism. The key to reducing their vulnerability, they say, is to adopt the same approach companies applied to improve quality and safety at the end of the last decade. They recommend removing the reliance on the IT team and making it everyone’s responsibility to ensure critical assets are protected, proposing five steps that managers should implement immediately to reduce the risks:
1. Adopt a robust insider policy
2. Raise awareness
3. Look out for threats when hiring
4. Employ rigorous subcontracting processes
5. Monitor employees
Click here to read more about their recommendations and research.
