Insider Threats are on the rise and are expected to increase further with economic uncertainty. As organizations adapt to the new normal, we take a look at what drives the increasing risk of insider threats and how the situation is worsened with more remote employees than ever before, using new applications, and relying on the cloud for more services.
The 2020 Insider Threat Report by Cyberhaven and Cybersecurity Insiders reveals the latest trends and challenges facing organizations in this new environment, how IT and security professionals are dealing with risky insiders, and how organizations are preparing to better protect their critical data and IT infrastructure. Let’s dive in!
Insider Threats and Its Impact on Your Organization
60% of respondents believe detecting and preventing insider attacks is more difficult than external attacks. This is largely due to the difficulty in detecting motivated, knowledgeable insiders with access to administrative privileges. Even accidental leaks are often equally impactful and hard to detect. Organizations believe that the lack of employee awareness/training, insufficient data protection, and increasing number of devices with access to sensitive data are the main reasons behind insider attacks. The impact of data exfiltration on organizations include, operational disruption or outages, loss of critical data, and brand damage. The conditions create a perfect storm that has even the most sophisticated enterprises worried about visibility into critical data.
Increase in Cloud App Usage Drives Data Exfiltration
Organizations are flying blind as data is leaving the perimeter at a much higher rate than ever before. To maintain productivity, employees are using applications that allow them to store files on their personal cloud, share information, and collaborate with colleagues—often without the security team’s knowledge or oversight.
42% of organizations consider collaboration and communication applications (email, messaging, etc) while 39% consider cloud storage and file sharing apps (Dropbox, OneDrive, Office365, etc), most vulnerable to insider attacks. This is not surprising considering these apps enable easy transfer of sensitive data in bulk.
When data is exfiltrated, there is yet another challenge of detecting if this employee is malicious. Intent for data exfiltration is key, yet traditional security tools cause more headaches when it comes to investigating what happens.
Data Behavior Analytics Gives Visibility
Many enterprises are facing challenges with current security solutions such as DLP for insider threat. DLP challenges include: difficulty keeping policies up to date at the rate of business needs (27%), limited data/file visibility (25%), and too many false positives (23%). Further, DLP tools are cost-prohibitive for 37% of organizations, while many lack the necessary staff to implement (42%) and maintain (32%) them.
36% of organizations are looking at Data Behavior Analytics (DaBA) to gain visibility into data movement without cumbersome policies and a large security team. With Cyberhaven, security teams get real-time visibility into the movement of intellectual property as it travels across cloud and on-premise environments — revealing intent of data exfiltration and exposing insider threats before it’s too late.
Topics: Insider Threat