Staffers gone bad or bad decisions — which should you worry about more?

rock scale overlooking water

Insider threats have been in the news quite a bit recently, but insider threats don’t always present themselves as a staffer who has gone bad and is stealing and selling secrets to competitors or other nations. While that does happen, a good portion of the insider threat manifests in insiders who make bad decisions with how they handle data. They’ll email it unencrypted to their home computer, push it to a personal Dropbox account, and otherwise handle confidential data poorly.

Interestingly, while the shift to cloud computing heralded the promise of simplifying enterprise security, when it comes to tracking insiders and data movement, the shift to cloud computing has made detecting such attacks more difficult, according to a new survey conducted within the Cybersecurity Insiders LinkedIn group.

The survey found that respondents are a little more concerned about accidental insider data breaches than maliciously inclined insider threats. In fact, respondents concerned about data breaches accidentally caused by insiders came in at 70%, compared to concerns about maliciously inclined insiders at 62%.

The survey also found 56% of respondents believe that cloud computing is making the detection of dubious insider activity increasingly difficult. The report stated that cybersecurity professionals view cloud storage and file sharing apps as most vulnerable to insider attacks (39%), closely followed by collaboration and communications apps (38%) and productivity apps (35%).

Other important findings from the survey include:

  • 68% of organizations feel moderately to extremely vulnerable to insider attacks
  • 73% confirm insider attacks are becoming more frequent
  • 39% identified cloud storage and file sharing apps as the most vulnerable to insider attacks
  • 56% believe detecting insider attacks has become significantly to somewhat harder since migrating to the cloud
  • 59% think that privileged IT users pose the biggest insider security risk to organizations

Defending against attacks initiated by intelligent adversaries is always challenging, but it’s especially difficult when those attacks launched by intelligent adversaries are trusted insiders. Because, as the report stated, “It can be difficult to determine when users are simply doing their job function or actually doing something malicious or negligent.”

Fifty-nine percent of respondents said that privileged IT users pose the biggest risk to their organizations. That was followed by contractors at 52%. While rank and file employees and privileged business users tied at their perceived risk levels at 49%.

Interestingly, 56% of those surveyed considered themselves only somewhat effective or worse when it comes to monitoring, detecting and responding to insider threats.

When it comes to successfully managing the risks associated with insiders, it often comes to down to effective access management and monitoring. This includes putting into place baseline security controls, including traditional access controls and behavioral access monitoring, and data loss protection monitoring.

The challenge in finding insider data breaches is that these insiders typically are permitted access to the data, so a complete view to identifying abnormal behavior and suspicious data movements is necessary. For those interested in learning more about mitigating their insider risks, the National Cybersecurity and Communications Integration Center provides a guide, Combating the Insider Threat, that is a good starting point.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: