Why organizations feel vulnerable to insider attacks
More than half of cybersecurity professionals believe detecting insider attacks has become harder since the migration to the cloud.
Many organizations focus their security efforts on defending themselves against outside threats such as hackers, malware, and denial-of-service attacks. And certainly those types of threats pose a danger and should always be on the radar of security professionals.
But insider attacks can often be just as dangerous, if not more so, thus also requiring the attention of IT staff and other personnel. Such attacks can occur maliciously by employees looking to hurt the company through theft or sabotage. But they can also occur accidentally as a result of employees making mistakes or inadvertently leaking data.
Security professionals usually understand the risks of insider attacks, but many feel their organizations are more vulnerable to them, according to a study released on Wednesday that was produced by Cybersecurity Insiders and sponsored by Securonix.
Based on a survey of more than 300 cybersecurity professionals, the “2019 Insider Threat Report” found that 70% of the respondents were concerned about inadvertent insider breaches, such as a careless user causing an accidental breach. Some 66% were worried about negligent data breaches triggered by users ignoring company policy but without malicious intent. And 62% were concerned about malicious incidents from users willfully trying to harm the company.
Insider attacks occur for various reasons. Asked to comment on the motivations for these types of attacks, 57% of the respondents pointed to fraud, 50% to monetary gain, and 43% to the theft of intellectual property. Looking at the kinds of users who pose the biggest insider security risk to their organizations, 59% of those surveyed cited privileged IT users, 52% pointed to contractors, 49% to regular employees, and 49% to privileged business users.
Accidental insider threats can pose a larger risk to organizations than can intentional attacks. But which areas are the most vulnerable to accidental threats? A full 43% of the respondents cited phishing attacks that trick employees into sharing sensitive company information. Some 24% pointed to weak passwords, 15% referred to spear-phishing attacks targeted to specific individuals, and 15% cited orphaned accounts.
Data leakage or theft is always a concern for security professionals both from outside and inside the company. Asked which type of data is most vulnerable to insider attacks, 63% of the respondents pointed to customer data, 55% to intellectual property, and 52% to financial data. Exposure of employee data, company data, sales and marketing data, and healthcare data also were cited as areas of concern.
Cloud: Potential trouble spot
The cloud appeared in the survey as a potential trouble spot. Among those surveyed, 39% pointed to cloud storage and file sharing apps such as OneDrive and Dropbox as most vulnerable to insider attacks, followed by 38% who cited communication and collaboration apps such as email and messaging, and 35% who pointed to productivity apps such as Office 365. Some 56% of the respondents said they believe the shift to cloud computing has made it more difficult to detect insider attacks. But only 40% said that they monitor their cloud footprint for abnormal user activity.
Insider attacks pose enough of a concern that most organizations do have certain tools in place to deal with them. Some 68% of those surveyed said they feel anywhere from moderately to extremely vulnerable to insider attacks. While 49% said they feel they have the right controls to prevent an insider attack, 28% said they do not, and 23% said they were not sure. Most of the respondents use some type of analytics to determine insider threats, with 32% relying on activity management and summary reports, 29% on user behavior analytics, 28% on data access and movement analytics, and 14% on predictive analytics.
Detection and prevention become more difficult
But detecting and preventing insider attacks is a more difficult process than it was a year ago, according to the survey. And that’s due to a number of factors. Some 56% of the respondents said the process is more challenging because of insiders who already have credentialed access to the network and services. Some 46% pointed to the increased use of applications that can leak data, such as web-based email and social media. And 45% cited an increase in the amount of data that leaves protected perimeters.
Other factors that challenge IT pros trying to prevent insider attacks included more end-user devices capable of theft, the migration of sensitive data to the cloud along with the adoption of cloud apps, the greater technical sophistication of insiders, and the difficulty in detecting rogue devices introduced into the network.
As such, insider attacks are on the rise. A full 70% of respondents said that these types of attacks have become more frequent over the past 12 months. Some 39% said their organizations have experienced from one to five insider attacks over the last year, while 14% have been hit by six to 10 such attacks. And such attacks can be costly. While 53% of those surveyed estimated the cost of dealing with an insider attack at under $100,000, 31% pegged the damages at between $100,000 and $500,000.