Attacks/Breaches

3/29/2017
06:00 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
100%
0%

Insider Threat Fear Greater Than Ever, Survey Shows

More than half of security pros say insider threat incidents have become more frequent in the past 12 months.

Despite continued spending on security measures for controlling and monitoring access to sensitive data, more organizations than ever feel vulnerable to breaches caused by insiders with legitimate access to enterprise systems.

In a survey of 508 security professionals conducted for Haystax Technology by LinkedIn’s Information Security Community and Crowd Research Partners, 74% of the respondents say their organizations are vulnerable to insider threats. That's a 7% increase from last year's survey by the groups conducting the research.

Fifty-six percent say insider threat incidents have become more frequent in their organization in the last 12 months.

The biggest concern appeared to be centered on accidental data breaches resulting from careless data handling by insiders, with 70% citing this as their biggest insider-threat fear. Almost the same proportion - 68% - fear breaches caused by insider negligence, such as willfully ignoring corporate policies. Concerns about malicious insiders ranked third, at 61%.

"Controls companies have in place for mitigating insider threats have generally not worked, and the facts support this," says Thomas Read, vice president of security analytics at Haystax.

The main reason: they don't address the root causes of insider threats. Typically, behavioral issues such as a lack of empathy or paranoia - combined with personal or organizational stressors such as a poor performance review or financial issues - are major drivers of malcious insider behavior, Read says.

"Controls on endpoints, which is generally where companies focus their insider threat efforts, only control what happens after the person is already intending to attack. An insider with knowledge of those controls will easily find a way around them," he says.

Privileged IT users such as those with access to administrative accounts top the list of people organizations are most concerned about from an insider threat perspective. Six out of ten respondents say these users pose the biggest security risk to their organization, while 57% express similar concerns over contractors, consultants, and temporary workers. Regular employees and privileged business users were the next-most worrisome from a security risk standpoint.

Customer data — because of its perceived value — is the asset that a majority of organizations think is most vulnerable to insider attacks. Financial data and intellectual property are perceived as the next biggest data targets followed by employee, sales and marketing, and healthcare data.

Nearly 60% of the respondents in the Haystax survey point to inadequate data protection strategies as contributing to an increase in insider threats. The increasing number of devices with access to sensitive data, and the increasing use of mobile devices to store and access sensitive data, are also considered major factors to the increase in insider threats.

Big Brother

Organizations trying to get a handle on the problem often have to overcome perceptions about being overbearing and Big Brotherly, Read says. "Communicating to your staff that you will be monitoring them can create trust challenges," he says.

In fact, insider threat program rollouts that are not properly implemented can backfire and actually increase the insider threat problem, he says. "These roll-outs could also negatively impact whistleblower programs and other efforts to make the company more transparent," he says.

The companies that are most successful at addressing the insider threat problem are the ones that have built a program with full engagement and support from both leadership and employees, according to Read. They typically have processes for ensuring that background vetting happens not only before someone is hired, but is conducted on an ongoing basis, Read says. "The selling point, quite simply, is that the background vetting doesn't stop just because you’ve been hired."

Paul Brager, cybersecurity architect at Booz Allen Hamilton, says the psychological and sociological issues behind the malicious insider threat can be daunting.

"Some industries rely on behavioral heuristics to determine which employees are more likely than not to attempt to steal information," he says. However, these models are often highly subjective and based on criteria set by the institution with little science to back it up, says Brager, who will discuss insider threats next month at Interop ITX 2017.

Organizations focused on the insider threat typically leverage technology such as rights management and data leak prevention tools, which allow them to supplement their view of users who have access to sensitive data. Many also implement measures to protect against things like "access creep" to minimize exposure, Brager says.

[Booz Allen's Paul Brager will headline a session on rooting out the insider threat on May 19 at Interop ITX, which runs from May 15-19, at the MGM Grand in Las Vegas. To learn more about his presentation, other Interop security tracks, or to register , click on the live links.]

"The last component of the approach, which is often the most difficult, is the process management effort, where organizations better manage how information is managed and stored," he says. Often this involves data classification and prioritization.

"It is the combination and balancing of these three areas that generally fuel a successful insider threat program, and organizations must invest in all three to be successful," he notes.

Related Content:

 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Microsoft, Mastercard Aim to Change Identity Management
Kelly Sheridan, Staff Editor, Dark Reading,  12/3/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Starwood Breach Reaction Focuses on 4-Year Dwell
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/5/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: I guess this answers the question: who's watching the watchers?
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-19991
PUBLISHED: 2018-12-10
VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-2018-9230.
CVE-2018-19653
PUBLISHED: 2018-12-09
HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.
CVE-2018-19982
PUBLISHED: 2018-12-09
An issue was discovered on KT MC01507L Z-Wave S0 devices. It occurs because HPKP is not implemented. The communication architecture is APP > Server > Controller (HUB) > Node (products which are controlled by HUB). The prerequisite is that the attacker is on the same network as the target HU...
CVE-2018-19983
PUBLISHED: 2018-12-09
An issue was discovered on Sigma Design Z-Wave S0 through S2 devices. An attacker first prepares a Z-Wave frame-transmission program (e.g., Z-Wave PC Controller, OpenZWave, CC1110, etc.). Next, the attacker conducts a DoS attack against the Z-Wave S0 Security version product by continuously sending ...
CVE-2018-19980
PUBLISHED: 2018-12-08
Anker Nebula Capsule Pro NBUI_M1_V2.1.9 devices allow attackers to cause a denial of service (reboot of the underlying Android 7.1.2 operating system) via a crafted application that sends data to WifiService.