Digital White Papers

SC24

publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/1519635


ILTA WHITE PAPER | SECURITY & COMPLIANCE

Using Employee Engagement and Technical Controls to Reduce Insider Risk
by Scott Busch, Ethan Powell and Joshua Smith

In an increasingly digital world, cybersecurity for the information and data that law firms and other counsel are entrusted with is more important than ever. Complex passwords, multi-factor authentication, and firewalls are essential defense mechanisms, but they often fail to address a significant risk vector: the employee, an insider. Optiv defines insider risk as "the potential for an employee or other person with legitimate system and data access to negatively impact an organization's people, data, or resources" (Insider Risk | Optiv).

Ponemon Institute's 2023 Cost of Insider Risks Global Report (Ponemon Cost of Insider Risks Global Report - DTEX Systems Inc) notes that the costs of insider risk are at an unprecedented high. In 2023, the average annual cost of a data breach from insider risk was $16.2 million per organization, up from $15.4 million in 2022. Typically, these data breaches take about three months to contain. Moreover, the 2023 report revealed that the most significant costs of insider-related data breaches are accrued after the incident occurs due to containment and remediation efforts. While insider risk can never be eliminated, it can be reduced through technical and non-technical controls and by leveraging employee engagement.

Insider Risk Explained

When exploring how to reduce insider risk, it is vital to understand the differences between unintentional insider risk and intentional insider risk. Organizations experience harm from unintentional insider risk when an employee or another person closely associated with the organization is negligent or becomes complacent when handling data.

Careless insiders can compromise data security by losing a laptop with unencrypted data, sharing a password with an unauthorized individual, clicking links in a suspicious email, or any other negligent act where due regard for data security is not observed. Complacency can also contribute to unintended data loss when insiders fail to follow proper security protocols, such as not updating applications and operating systems, using or reusing weak passwords, or not following data deletion best practices. In 2023, these non-malicious insiders accounted for 75% of all insider risk incidents (Ponemon Cost of Insider Risks Global Report - DTEX Systems Inc, p. 5).
