Three-Quarters of Orgs Fear Insider Threats

Despite spending increases and investments in deterrence tactics and detection tools, nearly three-quarters (74%) of organizations feel vulnerable to insider threats, a significant 7% increase over last year.

“Ask any cybersecurity specialist to name the biggest security threat to an organization and they’ll tell you it’s people,” said Bryan Ware, CEO at Haystax Technology, which conducted the survey. Yet despite increased funding for insider threat programs, he added, the problem shows no signs of abating. He continued, “Training programs and network controls are important, but without analytics that produce actionable intelligence, organizations are often left in the dark until after an insider does damage.”

Mark James, security specialist at ESET, told Infosecurity in an interview that this is a critical point, given that insider threats can be very difficult to detect based on ordinary human observation.

“It’s very easy in the digital world to be duped, misled or just plain and simply scammed,” he said. “When someone stands in front of you and asks for something they know they are not entitled to or should not be asking for, their body language will often give that very fact away. It might be a slightly red face or tell-tale sign or just the uneasy way they ask but put a keyboard between you and them and all that disappears. If two people send the same email, one authorized and one not, asking for information in an email, you would be hard pressed to tell the difference based on letters and text. But we are expected to make those decisions often on a daily basis, most times we get it right but sometimes we don’t. Sadly it’s the latter that can make a difference, it’s something we have to do 100% of the time and the bad guys only need to be successful once.”

Nevertheless, Haystax found that although funding for tools to aid this process is increasing, inadequate resources are being allocated to some key components of insider threat mitigation, such as predictive risk analytics. Of the organizations that are investing in insider threat mitigation, 61% are focusing mostly on deterrence (e.g., access controls, encryption, policies) and 49% on detection (e.g., monitoring, intrusion detection systems), while 35% employ forensics and analysis systems like security information and event management (SIEM) tools.

Most survey respondents (67%) indicate that because insiders already have credentialed access to their networks and services, they are much more difficult to detect and deter than external threats. But only 42% of organizations say they are regularly monitoring user behavior, while 21% do none at all.

The good news is that insider threat detection has improved, with 46% of respondents believing they could detect an attack within a day at most. What’s more, 68% are confident in their ability to recover from an attack in a week or less, up 20% over last year’s survey. However, three-fourths estimate remediation costs could be up to $500,000, with the other 25% believing costs could exceed that amount—and perhaps reach into the millions of dollars.
