People are often surprised to find out that most damaging security threats do not originate from malicious outsiders or malware, but from trusted employees inside a company or value chain. Sometimes the person you think most trustworthy inside a company turns out to be the mole.
It's all about human nature. None of us can ever read people's minds and know the true and/or secret motivations that cause a trusted employee to go south. Not even the best security scheme can stop a malminded insider from doing damage.
The 2018 Threat Report, released Nov. 20 and conducted by Crowd Research Partners, clearly indicates that the vast majority of companies and government agencies believe that they're vulnerable to insider threats.
The survey is based on a comprehensive online survey of 472 cybersecurity professionals, which provides deep insight into current security trends.
"About half of the report's respondents said they experienced an insider attack during the last 12 months," said Holger Schulze, founder of Crowd Research Partners. "This report reveals the latest trends and provides actionable guidance on addressing threats as well as showcases how organizations are working to protect their critical data to prevent and mitigate inside threats."
Here are some highlights from the report:
- Ninety percent of organizations believe they are vulnerable to insider attacks. The main enabling risk factors include too many users with excessive access privileges (37 percent), an increasing number of devices with access to sensitive data (36 percent) and the increasing complexity of information technology (35 percent).
- Fifty-two percent confirmed that they suffered insider attacks against their organization in the previous 12 months (typically less than five attacks). Twenty-seven percent of organizations say insider attacks have become more frequent.
- Organizations are shifting their focus to detection of insider threats (64 percent), followed by deterrence methods (58 percent) and analysis/post breach forensics (49 percent).
- User behavior monitoring is accelerating. Eighty-eight percent of organizations deploy some method of monitoring users and 93 percent monitor access to sensitive data. The number of organizations monitoring their user behavior has increased significantly compared to last year (94 percent this year compared to 42 percent last year).
- Identification of high-risk insiders is a key part of a threat prevention strategy. One way to identify these individuals is to profile their behavior and work patterns. Organizations surveyed strongly believe it is necessary to identify high-risk insiders based on their behaviors (88 percent).
- Companies are equally worried about accidental/unintentional data breaches (51 percent) through user carelessness, negligence or compromised credentials as they are from deliberate malicious insiders (47 percent).
- The most popular technologies to deter insider threats are data loss prevention (DLP), encryption, and identity and access management solutions. To better detect active insider threats, companies deploy intrusion detection and prevention (IDS), log management and SIEM platforms.
- More than three-fourths (78 percent) of respondents inventory and monitor all or the majority of their key assets. An overwhelming majority (93 percent) of organizations monitor access to sensitive data. The level of monitoring varies; 47 percent continuously monitor data access and movement to proactively identify threats.
- Eighty-six percent of organizations already have or are building an insider threat program. Some 36 percent have a formal program in place to respond to insider attacks, while 50 percent are focused on developing their program.
- Organizations are shifting their focus on detection of internal threats. In this year's survey, detection (64 percent) surpassed deterrence methods (58 percent) to take the top spot, followed by analysis and post breach forensics (49 percent).
- For the third year in a row, lack of training and expertise (52 percent) remain the biggest barrier to better insider threat management. Other barriers include the lack of suitable technology (43 percent); tied for third place in this year's survey are both lack of collaboration between departments (34 percent) and lack of budget (34 percent). Notably, lack of budget fell from second place last year to third this year.
You can download the complete report here.