Skip to main content
close search
site logo
Dive Brief

Insider cyberthreats on the rise; SunTrust pays steep price

Published April 25, 2018
Samantha Schwartz's headshot
Samantha Schwartz Reporter
iAMMrRob/Pixabay

Dive Brief:

  • A former SunTrust employee used contact lists of 1.5 million customers from SunTrust's data to attempt to commit theft, compromising names, addresses, phone numbers and banking balances, according to a company announcement. In response to the breach, SunTrust will offer customers identity protection service Experian IDnotify for free. 

  • ObserveIT defines insider threats as negligent employees or contractors, criminal or malicious insiders, or credential thieves, according to an ObserveIT report of 717 international IT and security professionals. The average cost for negligent employee incidents is about $280,000 while a thief who steals credentials can double the costs to nearly $650,000. But negligent employees account for 64% of incidents while malicious insiders, like Suntrust's, are responsible for only 23% of incidents.

  • It takes about two months to contain an insider security incident and could cost nearly $9 million over a 12-month period, according to ObserveIT. Costs mount from lost business, damaged IT assets, remediation expenses and indirect costs in the form of time and manpower spent on the incident.

Dive Insight:

The old-school approach to cybersecurity was designed as the moat protecting a castle. However, just protecting the outside perimeter is not nearly enough to prevent a cyberattack or breach, especially when the threat is coming from inside the castle.

Insider threats are on the rise, highlighting the importance of properly educating an organization's workforce. Even though negligence is the most prevalent form of insider threats, it may be slightly less alarming than an employee working in an intentionally destructive manner.

Trusting employees is crucial in protecting a business's reputation and customers, and where training efforts fall short, appropriate monitoring tools should be considered.

Hijacked credentials are one of the most common ways malicious actors maneuver themselves through a system, especially credentials with privileged access. But threats also arise in file-sharing or cloud-based services. Unrestricted access to these allow malicious actors to roam freely around company data.

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
Traceable Releases 2025 State of API Security Report: API Breaches Persist as Fraud, Bot Attac…
From Traceable AI
October 30, 2024
NeuBird Named a Cool Vendor in the 2024 Gartner® Cool Vendors™ in IT Operations Leveraging Gen…
From NeuBird
November 11, 2024
Productboard Launches AI-Powered Productboard Pulse To Integrate Voice of Customer Into Produc…
From Productboard
October 29, 2024
Newgen and Fadata Join Forces to Optimize Insurance Content Management
From Newgen Software
November 13, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell