The following is a guest post by a 2016 Secure360 Twin Cities Gold Sponsor Veriato.
At Veriato we consistently survey the market to help better understand the challenges that information security professionals are dealing with. Here are some key findings:
1. Insider attacks are on the rise
62% of security professionals surveyed believe insider attacks have become more frequent.
2. Insider attacks are costly
Our survey respondents estimate the cost of remediating a successful insider attack at some $445,000. From the just about ¼ of respondents who bravely acknowledged experiencing an insider attack(s), we learned that the average number of known insider attacks per organization in the last 12 months was 3.8.
3. Insider attacks are difficult to detect and prevent
When asked how difficult it is to detect and prevent, 62% said insider attacks are more difficult than external attacks.
This makes sense for multiple reasons. First, an overwhelming majority of budgeted dollars go towards defending against external attacks as compared to internal. All that firepower breeds confidence. Second, insider attacks are by their very nature difficult to deal with. How do we prevent someone who has the keys to our house and our alarm code from entering it when we aren’t home and rifling through the drawers?
When it comes to insider attacks, our focus needs to be on detection. If we can detect a problem we can respond to it. Don’t let the daunting nature of trying to figure out how to prevent an attack paralyze you from taking action that will help secure your company.
4. 63% of survey respondents are most concerned with data leaks stemming from insider attacks
5. 29% are most concerned with IP Theft
6. 23% are most concerned with espionage.
Given that, it’s not surprising that databases (57%) and file servers (55%) we the top 2 IT assets considered most vulnerable to insider attack.
What data in particular? Customer data, intellectual property, sensitive financial, and company data (employee information, sales and marketing data, and healthcare related data) were the top types of data most vulnerable to an insider attack.
Yet with all this concern about data being leaked, breached, or stolen by insiders, only 21% of organizations continuously monitor the behavior of the users on their network.
Only 30% of organizations are using any type of analytics to help them detect insider threats.
Insider threats are real. They are damaging. They are difficult to detect and prevent. And we are concerned about our data.Yet budgets are not aligned. Only 34% expect their insider threat program budget to increase in the coming 12 months. More than 10% actually believe their budgets will go down.
And only about 1/5 of organizations have focused technology in place aimed at detecting the types of shifts in user behavior that indicate insider threat. Something needs to change, or we will continue to read about devastating insider attacks.
Where to start?
The first and most critical step towards mitigating the risk of a successful insider attack is detection. There is a detection problem. The good news is that problems can be solved.
First, focus where the problem is. The most common launching point for an insider attack is the endpoint – the place from where the insider is accessing the databases and file servers. We have users. Users are insiders. User Behavior Analytics has emerged to focus on detecting insider threats. And our user / insiders are most commonly attacking from the endpoint.
It stands to reason that we need to focus on the user activity and behavior taking place on the endpoint. Given the high cost of cleaning up after a successful insider attack, we can’t afford not to.