SANS Reveals Insider Threat Security Gaps

Three-quarters of IT security professionals are concerned about the threat to their organizations from malicious and negligent insiders, even though a third have no means to defend against an attack from within, according to a new study from the SANS Institute.

The training and research institute spoke to over 770 infosecurity professionals in a range of industries and sizes of organization to compile its SANS 2015 Survey on Insider Threats.

Although 74% said they were concerned about insider threats, 32% claimed they had no systems in place to prevent a potentially devastating security incident, which could lead to financial loss and brand and reputation damage.

Large numbers of respondents also appeared to have limited visibility into the problem.

Over half (52%) said they can’t calculate what the potential damage to the organization would be from such an attack, while 44% don’t even know how much they’re spending on insider threat prevention.

Lack of training, budget and qualified staff were given as the three main reasons why insider defenses are so often found wanting, but even more worrying is that 28% of respondents claimed that preventing insider threats isn’t a priority.

Just a third (34%) of respondents said they had suffered an insider breach, although this may be more down to a lack of adequate detection tools than anything else.

Meanwhile, 66% of those interviewed by SANS either don’t have an insider response plan or have no incident response plan at all.

Roy Duckles, EMEA channel director at Lieberman Software, argued that many firms remove internal safeguards in order to maintain staff productivity levels.

“Anyone who has full admin rights and no accountability has the opportunity to effect an insider attack with a low risk of being detected. Without privileged admin controls there is no way of controlling this security blind spot,” he told Infosecurity.

“Add to this the fact that many companies fail to enforce a strong password policy, and many passwords are replicated and known throughout an IT team, then it becomes just too easy for a person to find the access they require.”

Two-factor authentication, coupled with privileged access controls and ensuring admins don’t know the passwords needed to access systems, will help reduce the risk of insider threats, he added.

David Chismon, security consultant at MWR InfoSecurity, added that insider threats could range from nation states using insiders to access data, to staff selling data for financial gain, and even those who try and steal data to help them land a new job.

“Investment in preventing or detecting insider threats has an added benefit. Cyber attacks typically work by spearphishing users and abusing their access, so methods to prevent or detect insiders will also help to stop more advanced external attackers,” he told Infosecurity.

“Many of the more effective prevention and detection strategies for external attackers who have gained access to the internal network will prevent and detect internal threats just as readily.”
