How Cloud, BYOD Strategies Create Insider Threats
How Cloud, BYOD Strategies Create Insider Threats
Although adoption of the cloud and BYOD practices is generally perceived as positive for businesses, these shifts can fuel insider threats, a poll of cyber-security pros finds.
Big Threats
One in three organizations have experienced an insider attack in the last year, and 74% feel vulnerable to insider threats.
More Leaks
56% of organizations believe insider leaks have increased in the last year.
A Big Problem
66% of respondents said preventing insider attacks is more difficult than protecting against external threats.
User Behavior and Data Leaks
One-third of organizations said careless or malicious user behavior resulted in data leakage, up slightly from a year ago.
Big Concerns
71% of respondents are most concerned with inadvertent leaks that are the result of unsanctioned app usage, unintended external sharing and unsecured mobile devices. Other concerns include negligence (68%) and malicious insiders (61%).
Privileged Users
60% of organizations said privileged users, more than any other user group, posed the greatest security risk.
Employee Leaks
Cyber-security professionals believe a lack of employee training (62%) is the biggest cause of many insider leaks, followed by insufficient data protection solutions (57%), more devices with access to sensitive data (54%) and more data leaving the network perimeter (48%).
Lacking Analytics
56% of organizations use some kind of analytics solution to address anomalous behavior, but only 15% have user behavior analytics in place and only 8% use predictive analytics. One-third do not have any analytics solutions to detect insider threats.
Vulnerable Apps
Collaboration tools (44%) were perceived as the most vulnerable to insider threats, followed by cloud storage apps (39%), finance and accounting (39%), social media (34%), custom business apps (33%), and productivity apps (28%).
Detecting Insider Threats
64% of organizations can detect a breach within a week, up from 42% a year ago. Only 23% take a month or longer to identify insider breaches.
Best Prevention Tools
Policies and training (57%), identity and access management solutions (52%), encryption (50%) and data leakage prevention (49%) topped the list of the best tools for preventing insider attacks.