New research from Imperva has revealed that one in 50 employees is believed to be a malicious insider, with over a third (36%) of companies surveyed claiming to have experienced security incidents as a result of malicious staff within the last year.
What’s more the firm was quick to reaffirm Gartner research that suggests, contrary to popular belief, malicious insiders are not always departing staff with a grudge who cause as much disruption as they can before they leave an organization.
“While insider data thefts are often anticipated when employees leave an organization, our research suggests many insiders with bad intentions have no intention of leaving but prefer to turn their access to information into a second income stream,” Gartner’s report Understanding Insider Threats said.
Imperva’s survey, which drew information from 140 real-life incidents and quizzed 250 UK-based IT professionals, unearthed some examples of the type of damage that malicious attacks of this nature can cause with theft or dissemination of confidential data, indemnity theft, loss of productivity and damage to equipment/facilities among the most common.
However, insider threats are not limited to intentional acts of mischief; careless and compromised employees can do similar damage to an organization, even without meaning to cause any harm.
Imperva found that 12% of enterprises were hit by security incidents following acts of carelessness, while 21% of IT professionals agree or strongly agree that their company is full of ‘data dummies’ who misuse access to corporate information. Examples included employees sharing confidential documents with the wrong person, forgetting to log out of their computer and visiting illicit websites that introduce malware into the network.
“Our study shows that the insider threat is real and reinforces the fact that the biggest threat to enterprise security is the people already on the payroll,” said Imperva’s chief strategist Terry Ray. “The unfortunate reality is that insiders can do far more damage than external attackers because they have legitimate access and vast opportunity.”
To mitigate the risk, enterprises should ask themselves where sensitive data lives, and try to invest more money in protecting that, instead of wasting budget solely building ‘higher’ and more advanced firewalls, he added.
“Detecting insider threats requires combining a set of technologies and techniques. The basis for good detection is proper monitoring of all data access activity. On top of that, there should be anomaly detection based on behavior analysis that can detect abusive access patterns or abnormal extraction patterns.”