Insider threat is a top concern for organizations of all kinds, new research reveals nearly 325 cybersecurity professionals “working on the front lines to mitigate insider threat” .
Only 3% are not interested in insider risk
Gurucul, a security information and event management (SIEM), and Cybersecurity Insiders, an online community for information security professionals with more than 600,000 members, published their 2023 Annual Insider Threat Report on Surveyed Respondents. found that only 3% of respondents were not concerned about insider risk.
Of all potential insiders, cybersecurity professionals are most concerned about IT users and administrators with extensive access (60%). This is followed by third-party contractors (such as MSPs and MSSPs) and service providers (57%), full-time employees (55%), and privileged business users (53%).
The survey also found that more than half of the organizations participating in the survey had suffered an insider threat in the past year. The data shows that 75% of respondents consider themselves moderately to very vulnerable to insider threats, up 8% from last year. This is consistent with a similar proportion who said their attacks had become more frequent, with 60% having at least one attack he had and 25% having six or more of her attacks.
Organizations suffering from insider threats in the cloud often lack the technical capabilities needed to detect and prevent threats, says the report. Nearly 9 in 10 organizations consider unified visibility and control across all apps, devices, web destinations, on-premises resources, and infrastructure to be moderately to very important, but just under half is monitoring for unusual behavior.
Other findings from the report
Other key findings from the report include:
- Key factors complicating the timely detection and prevention of insider attacks include trusted insiders (54%) who already have entitlements to access apps, networks, and services; Increased use of SaaS apps (44%) and increased use of personal devices to access corporate resources (42%).
- The growing threat of insider attacks is a powerful impetus for organizations to implement formal insider risk programs. 39% of organizations already have an insider threat program in place. A further 46% plan to add an insider threat program in the future, up 5% from the previous year.
- The move to hybrid and remote work exacerbates insider risk. 68% of security professionals are concerned or very concerned about insider risk given their return to the office post-COVID-19 or permanent hybrid work models.
- Compromised accounts/machines are the most concerning type of attack at 77%, but inadvertent or accidental data breaches are more of a concern than malicious breaches.
Saryu Nayyar, CEO of Gurucul, said that access logging is the primary method of monitoring user behavior, with 4 organizations using automation to monitor user behavior 24/7. I explained that I was surprised to find out that there was only 1 in 1.
“The types of monitoring and analytics used to detect insider threats vary widely across organizations. Our analysis on both highlights the need for better tools and processes to detect and prevent insider attacks.”