Insider threats are underestimated | Pentest7


It’s not just hackers who attack IT systems. Company employees can also cause damage. However, many companies are not aware of these insider threats.

Danger From Within: Imperva, Inc., has released a new study. It shows that organizations are failing to address insider threats at a time when risk is at its highest.

The study, commissioned by Imperva and conducted by Forrester, found that the majority of security incidents (59%) that impacted sensitive data at organizations in EMEA over the past 12 months were caused by insider threats. However, most organizations (59%) do not give them the same priority as external threats. Although insider threats are more common than external ones, less is invested in stopping them.

This practice is at odds with the current threat landscape, where the risk from malicious insiders is higher than ever. The rapid shift to remote working has left many employees outside of typical corporate security systems, making it harder to detect and prevent insider threats. In addition, “The Great Resignation” – the large wave of resignations that mainly affects the US but also occurs in other markets – creates a climate in which there is a higher risk of employees stealing data. Individuals may intentionally steal information to help themselves with future employment because they are angry and want revenge. However, a careless employee could also inadvertently steal important information if they leave the company with it.

But why don’t companies prioritize insider threats? A majority of respondents blame a lack of budget (39%) and a lack of in-house expertise (38%), but there are other issues. Almost a third (29%) of organizations do not perceive insiders as a serious threat, and 33 percent say their indifference to insider threats stems from internal barriers such as a lack of executive support. In fact, nearly three-quarters (70%) of organizations have no strategy or policy for managing insider risk, and the majority (58%) do not have a dedicated insider threat team.

The results show that organizations grossly underestimate the magnitude of insider threats. A previous Imperva analysis of the top data breaches over the past five years found that a quarter (24%) of these were caused by human error (defined as accidental or malicious use of credentials for fraud, theft, ransomware, or data leakage) or compromised credentials.

“Despite increased investments in cybersecurity, organizations are more focused on protecting against external threats than on the risks that might lurk within their own network,” said Kai Zobel, Area Vice President EMEA Central at Imperva. “Insider threats are difficult to detect because internal users have legitimate access to critical systems, making them invisible to traditional security solutions such as firewalls and intrusion detection systems. The lack of visibility into insider threats poses a significant risk to the security of corporate data.”

The top strategies companies in EMEA currently use to protect against insider threats and unauthorized use of credentials are regular manual auditing/monitoring of employee activities (50%) and encryption (47%). Many also train their employees to ensure they comply with privacy and data loss prevention policies (65%). Despite these efforts, security breaches and other data breaches still occur, and more than half (56%) of respondents said end users have found ways to circumvent their privacy policies.

“It is imperative that organizations incorporate insider risk into their overall data protection strategy. An effective insider threat detection system must be multi-layered, combining multiple solutions to not only monitor insider behavior, but also to sift through the large number of alerts and filter out false positives. Since protecting an organization’s intellectual property starts at the data layer, a comprehensive data protection plan must also include a security tool that protects the data layer,” said Kai Zobel, Imperva’s Area Vice President EMEA Central.

Organizations that want to better protect themselves against insider threats should do the following:

  • Gain approval from all stakeholders to invest in an insider risk program: Insider risk is a human issue, not a technological issue, and must be treated as such. It is also a risk that affects all areas of the company. Therefore, it is important to the success of the insider risk program that it has the endorsement and support of senior management across the company. That’s why it makes sense to start at the top to gain buy-in and support, and then involve leaders from HR, legal, IT, and other areas of the organization.
  • Follow Zero Trust principles to manage insider risk: A zero-trust approach helps protect data and users, and limits insiders’ ability to use sensitive resources that are not necessary for their function.
  • Set up a dedicated body to deal with insider risk: Because the insider threat is a human phenomenon and inherently sensitive, it requires dedicated resources. These can be integrated into the security team or, even better, be their own dedicated department. In any case, this team needs a specific insider risk mandate and training to detect and respond to insider threats.
  • Establish and follow insider risk program processes: The sensitive nature of insider risk and the associated privacy concerns require strict policies to be put in place and followed. Any review should be treated as if it would end up in court and the guidelines should be applied consistently.
  • Implement a comprehensive data security solution: A complete solution goes beyond DLP (Data Loss Prevention) and provides monitoring, advanced analytics, and automated responses to prevent unauthorized, accidental, or malicious data access. The technologies used should support the established processes and the mission of the insider risk department. This allows the company to save costs and reduce the risk of business-damaging security incidents.

Survey methodology

In September 2021, Forrester conducted an online survey of 464 security/IT professionals who are employed at organizations in APAC (Asia Pacific), EMEA (Europe, Middle East, Africa), and North America and are responsible for managing and responding to insider threats. 153 respondents were based in EMEA.
