More than 50 per cent of organizations say their systems have been attacked by insiders within the last 12 months, according to a new survey.
The 2018 Cybersecurity Insider Threat Report also reveals that 90 per cent of organizations feel vulnerable to a threat from insiders.
“Many organizations have protection in place to stop outside threats, but nothing to guard against the insider who goes rogue,” said Robert Marti, director, privileged access management with CA Technologies, at a recent ITWC webinar. “It’s no wonder they feel vulnerable.”
The report, sponsored by CA Technologies, shows that two-thirds of organizations now consider malicious attacks or accidental breaches by insiders to be more likely than external attacks.
“To prepare a strategy, the findings show that an equal amount of attention is needed to deal with outside threats, malicious inside threats and accidental inside threats,” said Marti.
Reasons to worry
Organizations that protect against insider threats tend to focus on the privileged IT users, like system administrators, said Marti. However, the survey found that regular employees are just as much of a threat since an increasing number of them have access to sensitive data. “A privileged user is anyone that has access to data which, if compromised, would cause significant damage to an organization,” said Marti. People should also pay more attention to contractors, temporary workers and service providers, he added.
Companies must also protect against stolen login credentials. The survey shows that the culprits gain access to confidential information by phishing or by exploiting weak or shared passwords, and unsecured devices and networks. The most vulnerable systems are databases, file servers and cloud infrastructure.
Only 17 per cent of respondents stated that they could detect and prevent an attack within minutes. This means that the majority of organizations can’t stop an attack until hours after it starts. “That’s too long,” said Marti. “By this time, significant damage may already have been done.”
Insider attacks cause just as much damage as external ones, if not more so, said Marti. Twenty-seven per cent of the survey respondents estimated that the potential loss for an insider attack was between $100 and $500 thousand dollars. This starts to add up given that many organizations report a number of attacks each year. “Those numbers certainly help justify getting some technology in place to counter the threat,” said Marti.
Best practices to protect your information
Marti recommends a layered security approach based on six best practices to address insider threats:
- Secure privileged accounts and passwords.
- Help employees understand the risks. “Security has to be part of the DNA of an organization. It’s not enough to provide training once a year,” said Marti.
- Implement a program to limit user access to only the resources necessary to do the job on a daily basis.
- Establish an insider program with authentication, credential management and access policies that are enforced.
- Locate and encrypt sensitive data.
- Don’t stop improving your security posture. The hackers will find ways around static defences.
“At the end of the day, it’s like saying you’re going to lock your doors at night,” says Marti. “It’s something everyone should be doing.”
Click here to read the 2018 Cybersecurity Insider Threat Report.