ABSTRACT
Cybersecurity is a global issue-you might be working at an organization in the United States, however, cyber-attacks come from all over the world. e Internet knows no boundaries. Organizations are reporting that cyber-attacks are increasing in both frequency and impact. In 60% of cases, attackers are able to compromise an organization within minutes (Verizon, 2015). Many organizations do not even know whether they have been exploited by a large-scale threat such as stolen user credentials or corporate assets hijacked for botnet use. And if organizations do not know of their security vulnerabilities, they are unlikely to have created a mitigation strategy for them. In a 2014 cyber-crime survey, 32% of respondents reported that damage caused by insider attacks were more damaging than outsider attacks (US State of Cybercrime Survey, 2014). In another study, the top action comprised of 55% of incidents, was from privilege abuse-employees/end users
abusing the access they have been given by their organization (Verizon, 2015). In more than 1,300 data breaches and 63,400 security incidents in 95 countries, a 2014 Data Breach Investigations Report found basic lapses at the heart of many of them such as employee mistakes, the use of weak and default passwords, system conguration issues, and inadequate system monitoring (Verizon Enterprise Solutions, 2014). Although corporate espionage is on the rise, employee negligence and posting nonpublic information to a public resource are the second most frequently occurring computer security incidents behind virus and malware infections. And, although the internal employees cited in the report were end-users, sysadmins, and developers, a signicant number of incidents were caused by partner errors.
