Enterprises prepare for insider threats to data
Insiders have become one of the largest threats to enterprises' critical digital and physical assets, according to research commissioned by EY, a consultancy services provider.
The study polled more than 665 senior executives in 17 countries and regions, including 40 professionals from China. More than 25 percent of respondents said they believe insider threats and illicit behaviors taking advantage of internet technologies are the fastest growing risk.
"About 70 percent of our services delivered to clients are focusing on illicit behavior taking advantage of internet technologies such as using loopholes in network systems and online payment schemes, particularly in fintech and online payment sectors," said Chen Zhi, an EY partner and expert in fraud investigation and dispute services.
More exposure amid increased connectivity is making it difficult to detect threats to critical assets, such as intellectual property, formulas, payment information, and clients' personal information, said Chen.
"It is not just an IT issue-it takes an enterprisewide approach including many human elements-to plan for, prevent, detect, respond to and recover from insider threats," said EY's research note on managing insider threats.
China's enterprises said they have increasingly invested in improving their organization's internet safety and internet security, including deploying more resources to build up their cybersecurity teams and use more third-party services, such as data monitoring, data recovery and user behavior pattern analysis.
On Nov 7, China's cybersecurity law was approved by the Standing Committee of the National People's Congress, China's top legislature. The law will come into effect on June 1, 2017.
"Having worked extensively with clients in APAC and China, we know the challenges they face managing data in legal proceedings and ensuring that privacy and state secrecy laws are respected. E-discovery solutions that allow clients to process data in the country and on-site at a company's premises in China are therefore essential," said Kate Chan, regional managing director in Kroll Ontrack's Asia Pacific practice, an end-to-end provider of electronic evidence services.
Even small-sized enterprises, such as startups, should bear in mind that computer forensics, e-discovery, and document review are important for protecting rights. They should start working with professionals, such as lawyers, at a very early stage of operations to ensure long-term growth and safety, said Chan.