Enterprises are cognizant of insider threats, but not fully prepared to stop them.
It’s said that ignorance is bliss. But in the case of IT security, ignorance can lead to hacks, financial loss, brand damage and/or job loss. The good news: nine out of ten enterprise organizations are not ignorant about the threat of insider attacks, according to the new 2018 Insider Threat Report from Cybersecurity Insiders. The report was sponsored in part by CA Technologies.
This high percentage of awareness is not unfounded, as over half (53%) of respondents have confirmed insider attacks against their organizations in the last 12 months. A quarter of respondents also say that insider attacks are becoming more frequent.
Such results come as no surprise because the great majority of significant attacks involve a compromised user credential or careless employee habits. To wit, Ameriprise customer financial information was exposed when an employee copied data to a non-secure Internet-connected hard drive in their home. Also, a compromised contractor account was the root cause of Target’s infamous breach.
The bad news from the survey: Only one-third of respondents believe their organization is “very effective” at preventing and detecting insider attacks. And nearly half believe such an attack could cost an impacted organization $1 million or more.
The main risk factors that have survey respondents worried: Too many users with excessive access privileges (37%); the increasing number of devices with access to sensitive data (36%); and the increasing complexity of information technology (35%).
Who is the biggest threat? That’s a toss-up, with about half of respondents more concerned about a malicious or deliberate act by an insider and the other half more concerned with accidental or unintentional insider actions that expose credentials or data. And, while privileged IT users and admins rank high (55%) on the list of concerns, regular users are the biggest concern (56%) noted by survey respondents.
Two-thirds of respondents said phishing attacks are by far the most concerning when it comes to accidental insider attacks, followed by poor passwords (56%), sharing of passwords (44%) and unlocked devices (44%).
What’s at Risk?
Many companies consider their data to be the crown jewels of the organization, so it’s not a surprise that many say confidential business information (57%), privileged account information (52%) and sensitive personal information (49%) are the most vulnerable to insider attacks—and that databases and file servers are the most vulnerable at 50% and 46%, respectively. Interestingly, mobile devices were ranked least vulnerable, with only a quarter of respondents citing them as a vulnerability.
Beefing up Defenses
To break the “kill chain” by preventing attackers from gaining access to privileged accounts, survey respondents are deploying an array of technologies, including data loss prevention and encryption (both 60%), identity and access management (56%) and endpoint security (50%). They’re also using intrusion detection (63%), log management (62%), security information and event management (51%) and predictive analytics (40%) to help detect attacks.
Defense and monitoring efforts seem to be working, as 89% of organizations say they could recover from an insider attack in under a week, which is up 18% over last year. But there’s still work to be done, as fewer than a quarter say they could detect and recover within minutes.