Cyber security threats from external attackers are a constant worry for all organizations, as evidence by the many recent, headline-grabbing Ransomware data breaches such as WannaCry, Petya, Bad Rabbit.
However, today’s most damaging cyber security threats are not just originating from malicious outsiders or malware, but from insider threats. In fact, according to the 2018 Insider Threat Report by Cybersecurity Insiders, two-thirds of organizations (66%) consider malicious insider attacks or accidental breaches more likely than external attacks!
The trusted insider roams freely within the walls of your network with little oversight or accountability. Protected data and intellectual property lie within a keystroke of anyone with access, putting your organization at risk, every second of every day. The main problem here is that most companies simply have TOO MANY over-privileged users, meaning users that have more permissions than they need to do their job.
Insider threats come in many shapes and sizes. Maybe you are dealing with an intentionally malicious employee like our fictional character “Disgruntled Dan”.
Or many times, the most common insider threats result from accidental human error. Some privileged user makes a change (often, by accident) that causes issues or opens security gaps. Downstream this can lead to bad things like data loss or compliance risk. We call this use case “Careless Craig”.
Both characters are featured in our latest Hank the Hacker video.
Consider a few other interesting data points from the 2018 Insider Threat Report:
- 90% of organizations are vulnerable to insider threats because of a large number of users and devices with excessive access to sensitive data — especially Active Directory, databases and file shares.
- 53% have confirmed insider attacks against their organization in the previous 12 months
- Organizations are shifting their focus on insider threat detection (64%), followed by deterrence methods (58%), and analysis and post breach forensics (49%).
- The use of user behavior monitoring is accelerating; 94% of organizations deploy some method of monitoring users and 93% monitor access to sensitive data.
- The vast majority (86%) of organizations already have or are building an insider threat program.
As you will learn when reading the full report, while most organizations are shifting their focus on threat detection, prevention and insider threat analysis, organizations still lack the training and expertise, technology, collaboration and budget when it comes to insider threat management.
Check out the 2018 Insider Threat Report, where cyber security expert Holger Schulze explores many more of the latest trends and challenges regarding insider threat awareness and defense strategies.