3/29/2017
06:00 PM

Insider Threat Fear Greater Than Ever, Survey Shows

More than half of security pros say insider threat incidents have become more frequent in the past 12 months.

Despite continued spending on security measures for controlling and monitoring access to sensitive data, more organizations than ever feel vulnerable to breaches caused by insiders with legitimate access to enterprise systems.

In a survey of 508 security professionals conducted for Haystax Technology by LinkedIn’s Information Security Community and Crowd Research Partners, 74% of the respondents say their organizations are vulnerable to insider threats. That's a 7% increase from last year's survey by the groups conducting the research.

Fifty-six percent say insider threat incidents have become more frequent in their organization in the last 12 months.

The biggest concern appeared to be centered on accidental data breaches resulting from careless data handling by insiders, with 70% citing this as their biggest insider-threat fear. Almost the same proportion - 68% - fear breaches caused by insider negligence, such as willfully ignoring corporate policies. Concerns about malicious insiders ranked third, at 61%.

"Controls companies have in place for mitigating insider threats have generally not worked, and the facts support this," says Thomas Read, vice president of security analytics at Haystax.

The main reason: they don't address the root causes of insider threats. Typically, behavioral issues such as a lack of empathy or paranoia - combined with personal or organizational stressors such as a poor performance review or financial issues - are major drivers of malicious insider behavior, Read says.

"Controls on endpoints, which is generally where companies focus their insider threat efforts, only control what happens after the person is already intending to attack. An insider with knowledge of those controls will easily find a way around them," he says.

Privileged IT users such as those with access to administrative accounts top the list of people organizations are most concerned about from an insider threat perspective. Six out of ten respondents say these users pose the biggest security risk to their organization, while 57% express similar concerns over contractors, consultants, and temporary workers. Regular employees and privileged business users were the next-most worrisome from a security risk standpoint.

Customer data — because of its perceived value — is the asset that a majority of organizations think is most vulnerable to insider attacks. Financial data and intellectual property are perceived as the next biggest data targets followed by employee, sales and marketing, and healthcare data.

Nearly 60% of the respondents in the Haystax survey point to inadequate data protection strategies as contributing to an increase in insider threats. The increasing number of devices with access to sensitive data, and the increasing use of mobile devices to store and access sensitive data, are also considered major factors in the increase in insider threats.

Big Brother

Organizations trying to get a handle on the problem often have to overcome perceptions about being overbearing and Big Brotherly, Read says. "Communicating to your staff that you will be monitoring them can create trust challenges," he says.

In fact, insider threat program rollouts that are not properly implemented can backfire and actually increase the insider threat problem, he says. "These roll-outs could also negatively impact whistleblower programs and other efforts to make the company more transparent," he says.

The companies that are most successful at addressing the insider threat problem are the ones that have built a program with full engagement and support from both leadership and employees, according to Read. They typically have processes for ensuring that background vetting happens not only before someone is hired, but is conducted on an ongoing basis, Read says. "The selling point, quite simply, is that the background vetting doesn't stop just because you’ve been hired."

Paul Brager, cybersecurity architect at Booz Allen Hamilton, says the psychological and sociological issues behind the malicious insider threat can be daunting.

"Some industries rely on behavioral heuristics to determine which employees are more likely than not to attempt to steal information," he says. However, these models are often highly subjective and based on criteria set by the institution with little science to back it up, says Brager, who will discuss insider threats next month at Interop ITX 2017.

Organizations focused on the insider threat typically leverage technology such as rights management and data leak prevention tools, which allow them to supplement their view of users who have access to sensitive data. Many also implement measures to protect against things like "access creep" to minimize exposure, Brager says.

[Booz Allen's Paul Brager will headline a session on rooting out the insider threat on May 19 at Interop ITX, which runs from May 15-19, at the MGM Grand in Las Vegas.]

"The last component of the approach, which is often the most difficult, is the process management effort, where organizations better manage how information is managed and stored," he says. Often this involves data classification and prioritization.

"It is the combination and balancing of these three areas that generally fuel a successful insider threat program, and organizations must invest in all three to be successful," he notes.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
