
3/29/2017
06:00 PM

Insider Threat Fear Greater Than Ever, Survey Shows

More than half of security pros say insider threat incidents have become more frequent in the past 12 months.

Despite continued spending on security measures for controlling and monitoring access to sensitive data, more organizations than ever feel vulnerable to breaches caused by insiders with legitimate access to enterprise systems.

In a survey of 508 security professionals conducted for Haystax Technology by LinkedIn’s Information Security Community and Crowd Research Partners, 74% of the respondents say their organizations are vulnerable to insider threats. That's a 7% increase from last year's survey by the groups conducting the research.

Fifty-six percent say insider threat incidents have become more frequent in their organization in the last 12 months.

The biggest concern appeared to be centered on accidental data breaches resulting from careless data handling by insiders, with 70% citing this as their biggest insider-threat fear. Almost the same proportion - 68% - fear breaches caused by insider negligence, such as willfully ignoring corporate policies. Concerns about malicious insiders ranked third, at 61%.

"Controls companies have in place for mitigating insider threats have generally not worked, and the facts support this," says Thomas Read, vice president of security analytics at Haystax.

The main reason: they don't address the root causes of insider threats. Typically, behavioral issues such as a lack of empathy or paranoia - combined with personal or organizational stressors such as a poor performance review or financial issues - are major drivers of malicious insider behavior, Read says.

"Controls on endpoints, which is generally where companies focus their insider threat efforts, only control what happens after the person is already intending to attack. An insider with knowledge of those controls will easily find a way around them," he says.

Privileged IT users such as those with access to administrative accounts top the list of people organizations are most concerned about from an insider threat perspective. Six out of ten respondents say these users pose the biggest security risk to their organization, while 57% express similar concerns over contractors, consultants, and temporary workers. Regular employees and privileged business users were the next-most worrisome from a security risk standpoint.

Customer data — because of its perceived value — is the asset that a majority of organizations think is most vulnerable to insider attacks. Financial data and intellectual property are perceived as the next biggest data targets followed by employee, sales and marketing, and healthcare data.

Nearly 60% of the respondents in the Haystax survey point to inadequate data protection strategies as contributing to an increase in insider threats. The increasing number of devices with access to sensitive data, and the increasing use of mobile devices to store and access sensitive data, are also considered major factors in the increase in insider threats.

Big Brother

Organizations trying to get a handle on the problem often have to overcome perceptions about being overbearing and Big Brotherly, Read says. "Communicating to your staff that you will be monitoring them can create trust challenges," he says.

In fact, insider threat program rollouts that are not properly implemented can backfire and actually increase the insider threat problem, he says. "These roll-outs could also negatively impact whistleblower programs and other efforts to make the company more transparent," he says.

The companies that are most successful at addressing the insider threat problem are the ones that have built a program with full engagement and support from both leadership and employees, according to Read. They typically have processes for ensuring that background vetting happens not only before someone is hired, but is conducted on an ongoing basis, Read says. "The selling point, quite simply, is that the background vetting doesn't stop just because you’ve been hired."

Paul Brager, cybersecurity architect at Booz Allen Hamilton, says the psychological and sociological issues behind the malicious insider threat can be daunting.

"Some industries rely on behavioral heuristics to determine which employees are more likely than not to attempt to steal information," he says. However, these models are often highly subjective and based on criteria set by the institution with little science to back them up, says Brager, who will discuss insider threats next month at Interop ITX 2017.

Organizations focused on the insider threat typically leverage technology such as rights management and data leak prevention tools, which allow them to supplement their view of users who have access to sensitive data. Many also implement measures to protect against things like "access creep" to minimize exposure, Brager says.

[Booz Allen's Paul Brager will headline a session on rooting out the insider threat on May 19 at Interop ITX, which runs from May 15-19, at the MGM Grand in Las Vegas. To learn more about his presentation, other Interop security tracks, or to register, click on the live links.]

"The last component of the approach, which is often the most difficult, is the process management effort, where organizations better manage how information is managed and stored," he says. Often this involves data classification and prioritization.

"It is the combination and balancing of these three areas that generally fuel a successful insider threat program, and organizations must invest in all three to be successful," he notes.


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
