by D. Howard Kass • Jan 25, 2023
Insider threats are a top concern at organizations of all kinds, a new study of some 325 cybersecurity professionals that are “in the trenches working to mitigate insider threats” uncovered.
Only 3% Not Concerned with Insider Risk
Gurucul, a security information and event management (SIEM) and Cybersecurity Insiders, a 600,000-plus member online community for information security professionals, found in their annual 2023 Insider Threat Report that only 3% of respondents surveyed are not concerned with insider risk.
Among all potential insiders, cybersecurity professionals are most concerned about IT users and admins with far-reaching access privileges (60%). This is followed by third-party contractors (such as MSPs and MSSPs) and service providers (57%), regular employees (55%), and privileged business users (53%).
The research also found that more than half of organizations in the study had been victimized by an insider threat in the past year. According to the data, 75% of the respondents believe they are moderately to extremely vulnerable to insider threats, an 8% spike from last year. That coincided with a similar percentage who said attacks have become more frequent, with 60% experiencing at least one attack and 25% getting hit by more than six attacks.
Organizations struggling with insider threats in the cloud often don’t have the necessary technical capabilities in place to detect and prevent them, the report said. While nearly nine in 10 organizations consider unified visibility and control across all apps, devices, web destinations, on-premises resources, and infrastructure to be moderately to extremely important, slightly less than half monitor for unusual behavior.
More Findings from the Report
Some additional key findings from the report include:
- The top factors that make timely detection and prevention of insider attacks difficult include trusted insiders that already have credentialed access to apps, networks, and services (54%), the increased use of SaaS apps that can leak data (44%), and an increase in personal device use with access to corporate resources (42%).
- The rising threat of insider attacks is a strong driver for organizations to implement formal insider risk programs. 39% of organizations already have an insider threat program in place. Another 46% are planning to add insider threat programs in the future, a rise of 5% over the prior year.
- The shift to hybrid and remote work has aggravated insider risk, as 68% of security pros are concerned or very concerned about insider risk considering a post-Covid return to the office or a permanent hybrid work model.
- Compromised accounts/machines are the most concerning type of attack at 77%, but inadvertent and negligent data breaches were more concerning than malicious breaches.
Saryu Nayyar, Gurucul chief executive, explained how he was surprised to learn that access logging was the primary way to monitor user behavior and that only one in four organizations are using automation to monitor user behavior 24×7:
“The types of monitoring and analytics used to detect insider threats vary widely between organizations. This highlights the need for better tools and processes to analyze data behavior, user behavior, access and movement across a network both internally and externally to detect and prevent insider attacks.”