Spending on cybersecurity defenses has increased to reduce the risk of attacks by cybercriminals, yet organizations still feel vulnerable to insider threats. Furthermore, insider threats have increased in the past 12 months, according to a recent survey conducted on U.S. IT security professionals.
508 IT security professionals were surveyed by LinkedIn’s Information Security Community and Crowd Research Partners in a study conducted for Haystax Technologies.
The study revealed that 74% of IT security pros feel their organization is vulnerable to attacks by insiders. That represents a 7% increase in the perceived threat level in the space of a year.
More than half of surveyed IT security professionals also said the number of insider threats had increased in the past 12 months. 56% said insider incidents were more common in their organization than 12 months ago.
Insider threats are classed as incidents involving malicious insiders as well as errors made by employees that have resulted in accidental data breaches. The biggest problem is careless data handling by employees, which was rated as the biggest fear by 70% of respondents. The second biggest problem was employees ignoring company policies put in place to prevent data breaches, which was rated as a major concern by 68% of respondents. 61% of respondents were concerned about malicious insiders.
The biggest perceived threat is employees with high levels of privileges, which was ranked as the biggest threat by 60% of respondents. In close second was contractors, temporary workers, and consultants, which were rated as a major threat by 57% of surveyed IT security pros.
The biggest risks were inadequate data protection strategies: Rated as the main risk by 60% of respondents. However, other serious risks were the number of mobile devices that were now being used to store sensitive information and the number of devices that could be used to access sensitive data.
Many organizations have implemented controls to detect insider incidents, although all too often those controls are ineffective. Any malicious insider that is aware of the controls that have been installed could find a way to bypass those controls if they are intent on stealing data.
There are a number of controls that can be adopted to reduce the risk of insider incidents. Thomas Read, vice president of security analytics at Haystax, suggests background vetting is essential, but that it should not be seen as a one-time task. Background checking should occur prior to hiring a new member of staff, but the process should not stop there. It should be an ongoing process.
The use of behavioral heuristics to identify threats is also beneficial, as are data leak prevention tools and rights management technology. Organizations should also improve how data are managed and stored to reduce exposure.
Staff members should also be made aware that their actions are being monitored. However, in the case of the latter, Read said “Communicating to your staff that you will be monitoring them can create trust challenges.” That could potentially increase the risk of insider breaches by negatively impacting whistleblower programs and efforts made by the company to improve transparency.
The best programs to tackle the insider threat incorporate all of these controls, although getting the right balance can be a serious challenge.