It is one thing to suffer a cyber attack from a nation state or outside force, but more often than not, fears are growing about assaults coming from within, including rogue employees and vendors.
The percentage of technology executives who said state-sponsored cyberwarfare was the most dangerous cyberthreat their company faced declined to 26 percent from 38 percent in the third-quarter this year, according to a CNBC Technology Executive Council survey. But concerns about rogue employees rose to over 18 percent from 14 percent of executives citing it as the biggest danger. In addition, for the first time, rogue vendors showed up in the results, with nearly 6 percent of tech executives saying this was their biggest cyberthreat.
The rising fears related to rogue employees comes in the wake of the July cyberattack on Capital One, in which more than 100 million customer accounts were stolen by a former Amazon employee — Amazon Web Services provide cloud computing to the financial services company. The CNBC Technology Executive Council survey for the third quarter 2019 was conducted from Sept. 9–Sept. 22 among 54 council members.
The role of the individual rogue employee sets that hack apart from other high-profile incidents, such as the Equifax and Marriott International attacks, which featured state-sponsored actors.
“This situation does bring this type of hack to mind with us,” said Xerox chief information security officer Alissa Abdullah, a member of the CNBC Technology Executive Council in the report. “Every breach disclosed reminds of things we need to either shore up in our own areas or further verify that we are doing enough. … This is just a reminder that these type of incidents are happening all around us. The disclosure of an incident isn’t the first time it has happened, nor is it isolated, so no CISO (chief information security officer) should think ‘it can’t happen to me,’” she said.
Also asked in the survey was what is the most dangerous cyberthreat to your company or organization?
“Encryption is failing us,” said Tom Kellermann, chief cybersecurity officer of Carbon Black, a member of the CNBC Technology Executive Council in the report.
Kellermann said while companies are spending more on cybersecurity and may be better prepared, “most companies are insufficiently prepared to mitigate cybercrime.”
According to Carbon Black research, the hacker community has dramatically increased its organization and level of sophistication in 2019. Most cyber-intrusions are no longer “smash-and-grab burglaries” but rather they escalate into “home invasions.”
“Cybersecurity must be viewed as a functionality of conducting business in 2019, not an expense. This is no longer an IT problem. This is a brand protection problem,” Kellermann said.