Privileged users, such as managers with access to sensitive information, pose the biggest insider threat to organizations (59 percent), according to a survey of 500 cyber security professionals by Crowd Research Partners.
The insider threat survey was conducted in cooperation with the more than 260,000- member Information Security Community on LinkedIn and security vendors, including Bitglass, Dell Software, SpectorSoft, Vectra Networks and Watchful Software.
After privileged users, contractors and consultants (48 percent) and regular employees (46 percent) were the next biggest threat to organizations.
Of those surveyed, 62 percent reported insider threats have become more frequent in the last 12 months, but only 34 percent expect additional budget to address the problem.
This rise in insider attacks is mostly due to a combination of three factors: insufficient data protection strategies and solutions (53 percent); the proliferation of sensitive data moving outside the firewall on mobile devices (50 percent), and lack of employee training and awareness (50 percent).
Less than half of organizations have appropriate controls to prevent insider attacks, and 62 percent of respondents said that insider attacks are far more difficult to detect and prevent than external attacks.
Respondents said insider attacks are difficult to detect and prevent primarily because insiders often already have access to systems and sensitive information (66 percent). The increased use of cloud- based apps (58 percent), and the rise in the amount of data that is leaving the protected network perimeter (42 percent) also are key contributing factors.
Nearly four in 10 (38 percent) of survey respondents estimate that remediation costs could reach up to $500,000 per insider attack, while just under two- thirds (64 percent) of respondents said it is difficult to estimate the cost of damage caused by a successful insider attack.
Data leaks stemming from insider attacks are most concerning to the survey respondents (63 percent).
However, respondents are slightly more concerned about inadvertent data breaches (57 percent) than malicious breaches (53 percent).
Databases (57 percent) and file servers (55 percent) are considered most vulnerable to insider attacks, followed by mobile devices (44 percent), endpoints (42 percent) and business applications (41 percent).
Collaboration and communication apps, such as email, are most vulnerable to insider attacks (45 percent), followed by cloud storage and file- sharing apps such as Dropbox (43 percent). Finance and accounting apps came in third with 38 percent.
Due to its value to attackers, customer data is most vulnerable to insider attacks (57 percent), closely followed by intellectual property (54 percent), and financial data (52 percent).
Employee data (45 percent), sales and marketing data (30 percent) and health care data (20 percent) also are vulnerable to attack.