Insider Threats Behind a Sharp Rise in Data Theft

Insider threats have been behind the sharp increases over the past 18 months in the percentage of organizations that have experienced loss or theft of company data.

According to the Ponemon Institute, three out of every four organizations (76%) have been hit over the past two years—a significant increase from the 67% of IT respondents who gave the same response in a 2014 study. The findings show that the rise is due in large part to compromises in insider accounts—a phenomenon that is only exacerbated by an increase in the proportion of employees who have unnecessary access to sensitive or confidential data.

IT respondents say insider negligence is more than twice as likely to cause the compromise of insider accounts as any other culprits, including external attackers, malicious employees or contractors.

“Despite all the technology available and the spike in highly publicized attacks, data breaches continue to rise,” said Larry Ponemon, chairman and founder of Ponemon Institute. “The most valuable data featured in most breaches is unstructured data such as emails and documents. When emails and files are surfaced, they tend to cause scandal, forcing the breach to have a lasting effect on the company’s reputation.”

A full 62% of end users say they have access to data they probably shouldn’t see, and only 25% of IT people say their companies monitor all employee and contractor email and file activity. In addition, 88% of end users say their jobs require them to access and use proprietary information such as customer data, contact lists, employee records, financial reports, confidential business documents or other sensitive information assets. This is sharply higher than the 76% recorded in the 2014 study.

Only 29% of IT respondents report that their organizations enforce a strict least-privilege model to ensure insiders have access to company data on a need-to-know basis. Only 25% of organizations monitor all employee and third-party email and file activity, while 38% do not monitor any file and email activity. This lack of management dovetails with the findings of other surveys and research.

“This survey raises key points as to why hackers are able to maximize impact—too many employees have too much access, beyond what they need to do their jobs,” Ponemon said. “On top of this, when employees access valuable data and their activity is not tracked or audited, it becomes far too easy for an external hacker or a rogue insider to get away unnoticed.”

About 35% of organizations have no searchable records of file system activity, leaving them unable to determine, among other things, which files have been encrypted by ransomware.

This is despite the fact that 78% of IT people are very concerned about ransomware: 15% of organizations have experienced ransomware, and barely half of those detected the attack in the first 24 hours.

“Right now, we’re in a technology arms race with hackers and insider threats,” said Yaki Faitelson, co-founder and CEO of Varonis, which sponsored the report. “Unnecessarily excessive internal access combined with a lack of monitoring and auditing sets organizations up for disaster. Sony Pictures, the Panama Papers and the recent Democratic National Committee intrusions all concerned the theft of files and emails that were not protected well enough from insider threats or outside attackers that compromised insider credentials, causing major damage to those organizations and their reputations. These new findings, alongside the fallout from those breaches, should keep executives awake at night. What will be the straw that makes businesses focus their efforts on protecting their precious information assets?”

Photo © Andrea Danti
