February 3, 2019 / GuidesFor Team
An insider threat, according to Digital Guardian, is a security threat that originates within the organization and is carried out by an employee or officer of an organization or enterprise. These people may not necessarily be present members of the organization as they could also be people from the past who had access to proprietary or confidential information of the organization.
Crowd Research Partners revealed that an overwhelming number of organizations feel vulnerable to insider attacks. The survey, which was participated by 472 cybersecurity professionals, showed that 90 percent of the organizations that participated felt vulnerable to insider attacks. How confident are you and your clients? –Crischellyn Abayon
Crowd Research Partners released their annual Insider Threat Report, which is the most comprehensive survey on the topic of insider threats. The survey is comprised of 472 cybersecurity professionals, the majority (87%) being in leadership roles. The report is rich with data so let’s explore what has been identified. While this article provides an overview, it’s worth it to see the report for yourself to understand the context behind the final product.
The key findings of the survey were that an overwhelming 90% of organizations felt vulnerable to insider attacks. The top three risk factors enabling the insider threat vulnerability are excessive access privileges (37%), endpoint access (36%), and information technology complexity (35%). Of the 472 professionals interviewed, 53% confirmed that an insider attack had happened at their organization in the last year.
The survey had some interesting results about who companies consider the riskiest insiders. Surprisingly there was almost an even split in every question asked.
[ Keep up with 8 hot cyber security trends (and 4 going cold). Give your career a boost with top security certifications: Who they’re for, what they cost, and which you need. | Sign up for CSO newsletters. ]
Businesses must understand the role of data in today’s world, that data is no longer just IT’s responsibility. Rather data is the lifeblood of all business. One breach can be all it takes for an end to an organization. Survey respondents stated that the top three types of data vulnerable to an insider attack are confidential business information (57%), privileged account information (52%), and personal information (49%). The data assets most vulnerable to insider attacks are databases (50%), file servers (46%), and cloud applications (39%).
It’s one thing to identify that cyber security professionals are worried about insider threats, but the Crowd Research Partners report goes further and asks professionals what they believe have enabled these threats.
Insider threats require advanced detection and prevention controls and systems. Despite all of the doom and gloom above, it would seem that many of the survey respondents have security controls in place to handle insider threats.
Organizations understand that insider threat mitigation is not something technology alone is going to solve. However, in this year’s survey it would appear that the approach of most (64%) insider threat programs seems to be detection. This is followed closely by deterrence (58%) and then by analysis and post breach forensics (49%). Half of the respondents interviewed believe their organization is maturing in their insider threat program. Only 36% answered confidently that their insider threat program was at a mature stage.
The roadblocks to successful insider threat management were identified as lack of training, lack of technology, lack of department collaboration, and lack of budget. The only problem that seemed to have increased is access to suitable technology for insider threat management.
Many organizations also seemed to possess the capability to detect an insider attack within the same day, and even better mitigate or full on stop the insider attack within minutes or hours of detection.
As far as budget goes, it would seem that the respondent organizations IT security budgets are increasing for nearly half over the next year. Within these the allocation for cyber security survey respondents seem to have identified that roughly 6-10% is dedicated exclusively to insider threat prevention and mitigation.
The study itself is quite comprehensive and goes over a lot. It would be best to read the study in full to gain an understanding of where you may stand in the business community when it comes to mitigation of insider threats.
Posted In: Research