The vast majority of companies and government agencies feel vulnerable to insider threats—a fear that turns out to be justified, given that about half have experienced an insider attack in the last 12 months.
That’s according to Crowd Research Partners’ latest Insider Threat Report, which shows that a full 90% of organizations feel vulnerable to insider attacks. The main enabling risk factors include too many users with excessive access privileges (37%), an increasing number of devices with access to sensitive data (36%), and the increasing complexity of information technology (35%).
Commissioned by Cybersecurity Insiders and based on an online survey of 472 cybersecurity professionals around the globe, the research also uncovered that 52% confirmed insider attacks against their organization in the previous 12 months (typically less than 5 attacks). About a quarter (27%) of organizations say insider attacks have become more frequent.
"Insider threats are often more damaging than attacks from malicious outsiders or malware,” said Holger Schulze, CEO and founder of Cybersecurity Insiders. “That’s because they are launched by trusted insiders—both malicious insiders and negligent insiders with privileged access to sensitive data and applications.”
Accordingly, organizations are shifting their focus on detection of insider threats (64%), followed by deterrence methods (58%) and analysis/post-breach forensics (49%). The use of user behavior monitoring is accelerating as well: A full 88% of organizations deploy some method of monitoring users, and 93% monitor access to sensitive data.
Among the respondents, the most popular technologies to deter insider threats are data loss prevention (DLP), encryption, and identity and access management solutions. To better detect active insider threats, companies deploy intrusion detection and prevention (IDS), log management and SIEM platforms.
Encouragingly, most organizations (86%) already have or are building an insider threat program. About 36% have a formal program in place to respond to insider attacks, while 50% are focused on developing their program.