Why Insider Security Threats Are a Growing Problem
By Gina Roos
62% of IT security professionals said insider threats have increased in the past 12 months.
The top sources of insider threats include insufficient data protection (53%), more data leaving the network (50%) and more devices with sensitive data (50%).
The average data breach lasts nearly seven months, yet only 11% of organizations believe it would take even six months to detect an insider threat.
45% of respondents had no idea how many insider threats actually occurred in their organizations during the last year.
30% of organizations said they do not have the appropriate controls to prevent an insider attack, and 23% are unsure if they have the appropriate controls.
Applications most vulnerable to insider threats include collaboration and communication (45%), cloud storage and file sharing (43%), and finance and accounting (38%).
Privileged users pose the biggest insider threat (59%), followed by contractors and consultants (48%), and regular employees (46%).
Key reasons detection and prevention of insider attacks are increasing: insiders have credentialed access to the network and services (66%), increased use of apps that can leak data (58%) and increased amount of data that leaves protected boundary/perimeter (42%).
The biggest perceived barriers to better insider threat management include a lack of training and expertise (63%), insufficient budgets (48%) and a lack of priority for insider threat defense (43%).
The most popular strategies for combatting insider threats include user training (45%), background checks (41%) and user activity monitoring (39%).
The most effective tools in protecting against insider threats include policies and training (36%), data-loss prevention (DLP) tools (31%), and identity and access management (IAM) (30%).
Most organizations focus their insider threat management resources on deterrence tactics (63%), followed by detection (51%), and analysis and forensics (41%).