Despite an increase in spending and investment in deterrence tactics and detection tools, insider threats continue to cause harm to all types of organizations, according to a new cybersecurity industry survey from Haystax Technology. Although funding is increasing, inadequate resources are being allotted to predictive risk analytics — a critical component of mitigating insider threats, according to The “Insider Attacks” report. This lack of analytics investment comes at a price, as insider attacks continue to be costly.
“Ask any cybersecurity specialist to name the biggest security threat to an organization and they’ll tell you it’s people,” said Haystax CEO Bryan Ware.
Yet despite increased funding on insider threat programs, the problem shows no signs of abating. “Training programs and network controls are important, but without analytics that produce actionable intelligence, organizations are often left in the dark until after a malicious insider does damage,” Ware added.
Using crowd-based research in partnership with the 300,000-plus members of the Information Security Community on LinkedIn and Crowd Research Partners, Haystax’s report found nearly three-quarters (74 percent) of organizations feel vulnerable to insider threats, a significant seven-percent increase over last year. Of the organizations that are investing in insider threat mitigation, 61 percent are focusing mostly on deterrence (e.g., access controls, encryption, policies, etc.), and 49 percent on detection (e.g., monitoring, intrusion detection systems, etc.) — while 35 percent employ forensics and analysis systems like security information and event management (SIEM) tools.
Most survey respondents (67 percent) indicate that because insiders already have credentialed access to their networks and services, they are much more difficult to detect and deter than external threats. But only 42 percent of organizations say they are regularly monitoring user behavior while 21 percent do none at all.
Insider threat detection has improved, with 46 percent of respondents believing they could detect an attack within a day at most. What’s more, 68 percent are confident in their ability to recover from an attack in a week or less, up 20 percent over last year’s survey. However, three-fourths estimate remediation costs could be up to $500,000, with the other 25 percent believing costs could exceed that amount — and perhaps reach into the millions of dollars.
For more information about the findings from the Haystax Insider Attacks Industry Survey, view the full report.
If an organization is not specifically looking for insider attacks, they are simply not seeing them. Insider attacks occur in every industry, and in organizations of every size. Be wary, however, of vendors offering silver bullets (and I am not implying that the vendor in this article does so). Dealing with the unique challenge the insider presents requires a mix of technology, people, and process. It does not need to be overly complicated, time-consuming, or expensive – but there is work to be done and the payoff is worth it. Make no mistake, analytics are a key component to identifying (detecting) and prioritizing insider risk / threat / attacks indicators.