Most companies are failing to guard against internal threats in the same way they shield against external attackers, a new report from cybersecurity firm Imperva suggests.
There are numerous reasons for this behavior, from budget constraints, to the lack of in-house expertise. However, many companies are simply oblivious to the dangers posed by insider threats.
Imperva surveyed 464 security and IT professionals with responsibility for managing insider threats for their organization and found that 59% prioritize external threats over internal ones. However, the majority of incidents (59%) in EMEA over the last twelve months were caused by insiders.
Downplaying the threat
Drilling deeper into the reasons for downplaying insider threats, Imperva found that 39% of companies lack the necessary budget. Approximately the same percentage (38%) cited lack of internal expertise, while 29% said they didn’t see insiders as a “substantial threat”.
A third (33%) said they didn’t have executive sponsorship, and were thus indifferent to insider threats, while 70% said they didn’t have an insider risk management strategy. More than half (58%) lack a dedicated insider threat team.
An insider threat may sound ominous, but often there is no little malice involved on the part of the employee.
Sometimes, employees take sensitive data with them when moving onto a new position, believing the information will help them in their new position. However, doing so exposes their previous employer to a potential data breach.
In other instances, workers act recklessly, taking away storage devices and other endpoints (opens in new tab) with sensitive data, without double-checking their contents. Others accidentally invite threat actors into the corporate network after falling for a phishing scam, leading to a malware (opens in new tab) infection.
Of all the major breaches that happened in the last five years, a quarter (24%) were caused by human error.
“It is imperative that organizations add insider risk to their overall data protection strategy. An effective insider threat detection system needs to be diverse, combining several tools to not only monitor insider behavior, but also filter through the large number of alerts and eliminate false positives,” said Chris Waynforth, AVP Northern Europe at Imperva.
“Also, as protection of a companies’ intellectual property begins at the data layer, a comprehensive data protection plan must include a security tool that protects the data layer.”