How To Avoid An Insider Threat Nightmare
October 18, 2018
As Halloween looms, it certainly feels like the right time to think of our favourite horror stories. From an enterprise IT perspective, there are too many to keep up with these days. From the constant threat of cyber attacks by external hackers to the rise of new forms of cyber-crime such as cryptojacking, the threats are constant, rapidly evolving and real.
But often the most terrifying of all threats to a company’s IT network is that posed by the insider. According to a report from the Ponemon Institute, the insider threat has escalated for businesses over the past two years, with the average number of incidents involving employee or contractor negligence having increased by 26 percent, and by 53 percent for malicious and criminal insiders.
Our own research at CyberArk also shed light on how IT security decision makers aren’t exempt from putting their organisations at risk. A startling 85% worried that they might personally introduce a cybersecurity incident into their company.
So, how can businesses across all sectors take steps to avoid an insider threat nightmare?
Dealing with human error
The most common problems impacting many businesses include system misconfiguration, poor patch management, using default settings and weak passwords, lost devices, and sending sensitive data to the wrong e-mail address by mistake. Some of these problems are the result of an individual’s brief lapse of concentration or a slip of the mouse. It could be something as simple as clicking “reply all” on an e-mail, for example. Some, however, are the result of poor policy or poor management. System configurations and patch management should be matters of organisational policy and should be routinely assessed.
Read more at Informationsecuritybuzz