Over Half of Data Security Incidents Caused by Insiders

A shocking 70% of EMEA organizations have no insider risk strategy despite employees directly or indirectly causing most data security incidents over the past year, according to Imperva.

The security vendor commissioned Forrester to interview over 150 security and IT professionals in the region as part of a wider study, Insider Threats Drive Data Protection Improvements.

It found that insider threats caused 59% of incidents impacting sensitive data in the past 12 months. This follows a previous Imperva analysis of the most significant breaches of the past five years, which revealed a quarter (24%) were caused by human error or compromised credentials.

Imperva defines an insider threat as originating from “inappropriate use of legitimate authorized user accounts” by either their rightful owner or a threat actor who has managed to compromise them.

The largest number of respondents to the Forrester study cited a lack of budget (39%) and internal expertise (38%) as their reason for not prioritizing insider risk. However, nearly a third (29%) claimed they don’t see employees as a major threat, and a similar number (33%) cited internal roadblocks such as a lack of executive sponsorship.

Staff training (65%), manual monitoring of employee activity (50%) and encryption (47%) are the most common tactics to protect against insider threats in EMEA, the report found.

However, these measures appear to be having limited impact: 56% of respondents claimed their end-users found ways to circumvent data protection policies.

“Insider threats are hard to detect because internal users have legitimate access to critical systems, making them invisible to traditional security solutions like firewalls and intrusion detection systems. The lack of visibility into insider threats is creating a significant risk to the security of organizations’ data,” argued Imperva AVP of Northern Europe, Chris Waynforth.

“An effective insider threat detection system needs to be diverse, combining several tools to not only monitor insider behavior, but also filter through the large number of alerts and eliminate false positives.”

Imperva recommended that organizations put together a dedicated function to handle insider risk and follow zero trust principles as they build out their programs.
