
12 Surprising Facts You Didn’t Know About Insider Threats


When a data leak occurs, you might automatically think of some hooded hacker hiding in a shabby apartment. But a lot of breaches come from employees.


In the modern digital age, information security is a larger concern than it has ever been before. Sensitive information can be stolen in huge quantities, and the perpetrator never even needs to enter the property. This leads many businesses to focus primarily on the threats that exist from outside actors, but this comes at the expense of adequate attention to the threats that may exist from insiders (insider threats).

You want to trust your employees, and you have probably done some vetting to ensure that you can trust those with access to information, but this is not always enough. In this article, we are going to look at twelve surprising facts that may change the way that you look at insider threats.

1. Insider Activity Costs Companies an Average of $244,542 Per Year

When it comes to insider threats, one point that is often overlooked is the money that these events cost the companies that are impacted by them. While most will not suffer a major attack that costs into the millions of dollars, the threat of significant loss is still there.

In a 2015 report from the Ponemon Institute, it was found that attacks from insiders were some of the most costly. On average, these cost companies $144,452 per year. With many companies still failing to realize the full scope of this threat, this is a figure that is likely to increase in the future.

2. Most Organizations Worry More About Negligent Insiders Than Malicious Insiders

[Chart: Frequency by Type]

When it comes to insider threats, many organizations rightly tend to worry more about insider negligence than they do about malicious insiders. A negligent insider has no ill will or bad intentions. They cause a security breach through carelessness or simply because they are unaware of the proper security protocols. One reason for the heightened concern for threats that occur through negligence is that they are the most common.

While there is a good reason to be concerned with negligent insiders, there is much about the issue that needs to be understood. As these charts from Dtex Systems illustrate, security that concerns insider threats is a complicated matter.


If you count the cost on a per attack basis, a single malicious attack costs more on average than a single act of negligence. That said, the bigger financial risk does still come from negligence. The high volume of threats caused by negligent insiders makes the total annual cost greater.


3. Compromised Information Comes From Employees and Third-Party Users Much More Frequently Than Privileged Users

When you talk about insiders in this context, you are generally talking about three different groups of people: your employees, third-party users, and privileged users.

For most companies, employees are the largest group and they are likely to have limited access to files, programs, and information. Third-party users could be offsite contractors that access your system for a variety of reasons. Your privileged users are the people in charge of account management and administration.

In general, the lowest threat is going to come from your privileged users. This is, in part, because there are very few of them, but in addition to that, they usually have better training and a better understanding of account security, so they are less likely to act negligently.

Even with that being true, you can’t ignore the potential for a threat from privileged users. The high level of access that they have can make for a breach that is particularly damaging. 

4. Apps Present Vulnerabilities and These 3 Are the Riskiest

There is no doubt that cloud applications have greatly expanded the ability to do business. With these applications, employees can perform a range of tasks with much less effort and several processes can be streamlined in ways that would not have been possible with on-site programs.

However, they do present risks that were not there in the past. Monitoring activity across all of these apps can be difficult, and it can be hard to tell what is normal use and what is not.

If you are looking for the types of apps that create the greatest risk of an attack, there are three types that deserve special attention:

  • CRM apps can be good for improving the way that you serve customers, but the centralization of this data increases the possibility of a large data theft.
  • E-commerce apps may help to facilitate transactions, but they can also expose customer data to risk.
  • Apps for financial services might work well for helping your employees to access the information that they need, but they often allow them to have access to more information than they need.

5. Malicious Attacks Cost More and Take Longer to Identify Than Negligent Attacks

As we mentioned before, a malicious attack will cost more on a per attack basis than a negligent attack. To make these threats even worse, they also tend to take a longer time to identify. This is part of what can make them so costly. The malicious insider has a lot of time to steal information and carry out whatever activity they are doing to harm your company.

It is bad enough that an attack happens at all, but with any attack, time is of the essence. The longer an attack is left unidentified, the greater the cost and the more damage that is inflicted. For many businesses, this makes malicious attacks especially troubling.

6. User Logs Often Don’t Provide Enough Evidence to Prove Actions

The prevention and identification of insider threats depend upon the ability to monitor employee activity. To achieve this, many companies rely on the user logs that come from the apps and systems that they use. While these logs can be useful, there are some ways that they come up short.

Logs can often be dense and packed with hard-to-decipher technical language. In addition to that, a savvy insider may know how to cover or obscure some of the malicious activity. If a privileged user goes rogue, they can make it very difficult to trace the threat back to them.

7. Insider Threats Take 54.4 Days to Be Resolved on Average

Finding a threat early is the key to containment and resolution. If you have a malicious actor that is working on your system in some way, they could cause all sorts of problems. A company has to identify these threats and put a stop to them as soon as possible.

In the previously mentioned report from the Ponemon Institute, they found that the average threat takes 54.4 days to be resolved. In that amount of time, a lot of information can be compromised, and it could cost your company dearly.

8. Data Leaks Are the Most Common Types of Incidents From Insiders

When it comes to insider threats, the most common type of incident involves data leaks. Close to half of all insider attacks involve leaked data, but it is by no means the only problem. Close behind that, companies have experienced fraud as the result of an insider attack, and you also have incidents that involve issues like data breaches and IP theft.

9. Insider Threats Are Discovered Most Frequently by the IT Department

You may assume that your security team is the department that you can most depend on when it comes to catching an insider threat. However, it has been found that it is the IT department. Behind them, the next most likely group to catch a threat is a fellow employee.

10. The Majority of Organizations Are Not Prepared for Insider Threats

In a survey of IT professionals, it has been found that most companies are not prepared for the potential of insider threats. Not only are most companies incapable of deterring the threat, but most also believe that they lack the necessary capabilities to detect and respond to it.

11. The Biggest Source of Losses Was From Servers

A loss of data can come from any number of different places. If you are looking for the place where the biggest losses occur, it is servers. According to a report from the Aite Group, losses that come from servers can be close to twice as much as the losses that will occur from any other single source.

In fact, these losses equaled the total of the next two most common causes combined. Servers were the top cause at 31%, and that was followed by printed records (17%) and email (14%).

12. You Can Gain Control With the Right Solution

With insider threats having the potential to cause so much harm, you would think that more companies would have a handle on what to do. The reason that so many are ill-prepared is that they are unsure of what steps can be taken.

Along with setting clear security protocols for users, monitoring is one of the most important elements in establishing a defense against insider threats. A good monitoring solution will be able to track user activity and make sense of the data that comes from the many applications and processes that are critical to security.

Now that you have a better understanding of insider threats, you can start on your way to protecting your information from vulnerability. While you may not need to look at every employee with a suspicious eye, you do need to have the right security protocols and monitoring to keep your company safe.


Published at DZone with permission of Oliver Bock. See the original article here.
