It’s easy to think of data breaches in terms of us and them.  

We picture the bad guys lurking outside our gates, looking for chinks in our armor (or firewalls in this case). In truth, when a breach occurs, it’s more likely that an employee left the gate unlatched.

A Harvard Business Review article points to the 2013 cyber attack on Target as a prime example of just how dangerous insiders can be. While the actual attackers were outsiders, they gained access to the retail giant’s systems through an insider, one of the company’s refrigeration vendors. The article also notes that at least 80 million insider attacks occur in the United States each year and their impact totals in the tens of billions of dollars a year.

What’s even more disturbing is that most of these attacks are preventable. The privacy and data-protection legal team at BakerHostetler said 36 percent of security breaches were the result of employee negligence. Another survey from CompTIA, the IT industry’s trade association, said human error is at the root cause of 52 percent of security breaches.

Companies of all sizes turn to technology to streamline operations. But the more employees and vendors that have access to a centralized system, the greater the risk for intentional and accidental breaches.

You may think that cybercriminals only target certain sectors. Healthcare and financial services are understandably targets for attack. Yet, according to the BakerHostetler Data Security Incident Response Report 2015 all industries are at risk of cyber attacks and only the frequency and severity differ.

Think of every company you do business with – your accountant, your coffee shop, your grocery store – they all use internal systems to house employee or customer data, such as social security or credit card numbers. To a smaller company, the ramifications of a breach can be even more costly than a large regulated organization. 

The BakerHostetler report said, “because incidents affecting these sectors often require forensic investigation and draw more media coverage, the cost and potential financial consequences are dramatically higher on a per-incident basis.”

Social media accounts are also exposed to risks from internal negligence. Furthermore the risk is magnified once a post goes viral. At that point, it’s impossible to contain and a company must activate damage control mode. That’s why many organizations are investing in software platforms that provide “social listening” capabilities. 

Social listening allows companies to monitor social conversations, flag inappropriate content and take action before it has a chance to escalate. Designing a solution that provides companies the ability to listen without compromising privacy is critical in the new cybersecurity paradigm. Paired with employee training, companies should focus on creating a wall of defense to protect valuable assets. 

When the odds say that a security breach will be caused by an internal source, organizations must do what they can to fortify the fortress from the inside out.

Is your company ready for the new cybersecurity paradigm?


Rohit Valia is the CEO & Founder of Cafyne. He was previously Program Director for Big Data Analytics at IBM. He is an experienced technology and marketing executive, with over 15 years of experience in enterprise datacenter technologies with hands on software development, product management and marketing experience in security, Java EE middleware, virtualization and cloud computing. Before joining IBM Platform Computing, he was the Director for Sun Microsystems cloud services business unit and then the head of Oracle University marketing. He has been a speaker at numerous JavaONE and other technical conferences and published papers in IEEE and other journals. He is also the author of two U.S. Patents related to Java co-processors and disconnected web client operations.