Companies facing data breaches in 2018 should probably investigate employees and third-party vendors before pointing the finger at external cybercriminals or nation-state hackers, a cybersecurity pro told Bloomberg Law.

Nation-state cyberattacks–often naming China, North Korea, or Russia as the alleged bad guys – make the headlines. The massive Equifax Inc. data breach has been linked to state-sponsored actors, according to Bloomberg News. Ransomware attacks such as WannaCry and Not-Petya have also been linked to foreign nation-states.

But workers and other insiders with access to sensitive information may be the more likely data breach incident culprits, Kurt Long, CEO and founder of data protection company FairWarning in Tampa, Fla., told Bloomberg Law. “Insider threats will become more and more important to delve into throughout 2018,” he said.

A quarter of data breaches can be pinned on internal actors, according to Verizon Communications Corp.’s latest data breach investigations report.

Read More