Vulnerabilities / Threats

8/1/2018
10:00 AM
Dark Reading
Products and Releases

Research Reveals Major Insider Threat Disconnect in the Workplace: ObserveIT

Majority of respondents say they understand the definition of an insider threat, but data shows the insider threat risk is growing rapidly.

BOSTON – August 1, 2018 – ObserveIT, the leading insider threat management provider with more than 1,700 customers around the world, today released the Multigenerational Workforce and Insider Threat Risk study that reveals the disconnect between cybersecurity awareness and insider threat risk, and the differences in generational cybersecurity awareness within the workplace. ObserveIT surveyed more than 1,000 full-time employees ages 18-65+ at organizations with more than 500 employees on their understanding and awareness of cybersecurity programs. The results show the majority (65 percent) of respondents reported they understand the definition of an insider threat.

The data indicates 64 percent of respondents agree careless employees or contractors are the most common cause of insider threats. This directly correlates with recent data from the Ponemon Institute showing negligent insider actions caused 64 percent of all insider threat incidents in the past 12 months.

The Ponemon data also shows the risk posed by insider threats is growing year-over-year. Since 2016, the average number of incidents involving employee or contractor negligence has increased by 26 percent and the cost to contain an incident in North America has risen to $11.01 million.

The fact that employees self-report understanding insider threats and adhering to cybersecurity policies, while insider threat-related incidents continue to rise, indicates organizations may have a false sense of security based on their expectations of employees’ understanding of insider threats. Lack of consistent understanding around the risks posed by insider threat activity can introduce accidental or negligent insider threat behavior within the workplace. And, the increased risk of insider threats is costing organizations significant money and resources as these threats can be difficult to detect, identify and prevent without the right processes and technology in place.

“While the threat of the insider continues to grow, this research proves that when it comes to cybersecurity awareness and insider threat prevention, organizations need to take a holistic approach to cybersecurity and focus on people first, then processes and technology,” said ObserveIT CEO Mike McKee. “With a new generation entering the workforce, organizations should increase security awareness training for new hires and implement processes and technology to ensure both employees and contractors with access to systems and data understand and adhere to the company cybersecurity policy to prevent insider threats.” 

Key findings from the survey include:

  • The Risk of the Accidental Insider: Almost two-thirds (61 percent) of respondents say they know what an insider threat is. However, this points to the dangers posed by naïve employees who may not understand the hidden dangers of insider threats, or who may define insider threats only as malicious behavior rather than as both malicious and negligent behavior.
  • The Generational Divide: Generation X and Baby Boomers are the least risky generations within the workplace, as 90 percent of 45-54 year olds and 55-64 year olds report they follow their company’s cybersecurity policy.
  • Entrants to the Workforce Present Challenges: Generation Z poses the highest overall cybersecurity risk to organizations, as more than one-third (34 percent) of 18-24 year olds report that they neither know nor understand what is included within their company’s cybersecurity policy. This group was also the most likely of any generation to report that they do not follow their company’s cybersecurity policy, even if they do understand it.

To review the results of ObserveIT’s Multigenerational Workforce and Insider Threat Risk study, visit here.

For more information on ObserveIT and to review the 2018 Ponemon Institute Cost of Insider Threats: Global Organizations study, visit here.
