As organizations try to defend themselves against external threats, they need to remember that insider threats can also cause harm. Whether intentionally or unintentionally, employees and other individuals invariably take certain actions that can lead to data loss, business slowdowns, legal liabilities, and reputation damage. This is especially true now as people work from home and use their own devices to access company resources.
SEE: Zero trust security: A cheat sheet (free PDF) (TechRepublic)
A report released Wednesday by security provider Bitglass shines a light on the ramifications of insider threats and offers advice on how to use the right security features to combat them. The report was based on a survey of 457 IT and security professionals from around the world but mainly in the US.
Insider threats can come from different sources. Angry or careless employees, or ex-employees who still have access, can create trouble through just one simple action. But hackers who capture employee credentials can also pose an insider threat with access to critical assets.
Among the respondents, 61% said they’ve experienced at least one insider attack over the last 12 months. Some 22% said they’ve reported at least six separate attacks over the same period. Further, responding to such an attack can be a slow process. Almost half of those surveyed said at least a week goes before they finally detect an insider attack, while 44% said it would take another week or more to recover from the attack.
The loss of critical data and the disruption to business operations were the two leading consequences of insider attacks, each cited by 38% of the respondents. Brand damage and the costs of remediation were next on the list, each mentioned by 24% of those surveyed. Other consequences included damage to the organization’s competitive posture, legal liabilities, loss of revenue, loss in market valuation, and noncompliance with regulations.
Dealing with an insider attack can also be a costly endeavor. Some 32% of the respondents said that the average cost of remediating such an attack can range from $100,000 to $2 million. Even if the costs are under $100,000, they can add up in the face of multiple attacks.
The latest trends and transitions in technology can create barriers as well. Half of those surveyed said they found it more difficult to detect insider threats after their organization migrated to the cloud. A full 82% of the respondents said they can’t always guarantee that they can detect insider threats coming from the personal devices of employees. In some cases, those devices need to be on premises or need to be running certain software agents for such threats to be discovered.
IT and security staff are also being asked to combat these attacks in the midst of budgetary challenges. A full 57% of those surveyed said their security budgets are staying the same, while 16% reported that their budgets are declining. Beyond the lack of a sufficient budget, cited by 61% of respondents, other obstacles to insider threat management were a lack of enough staff and a lack of the right security tools.
Even in the face of all the myriad challenges, the right type of security tool can help combat insider threats and attacks. Bitglass advises organizations to consider products with the following features:
- User and entity behavior analytics that use machine learning to baseline user behavior and identify suspicious departures from the norm.
- Step-up, multifactor authentication for users in unusual locations or for those who are engaging in unusual activities.
- Real-time data loss prevention capabilities like digital rights management and redaction that can prevent data leakage.
- Cloud encryption for sensitive files and fields in order to keep confidential or regulated data safe from prying eyes.
- Agentless deployment modes that don’t require software installations on endpoints; critical for Bring Your Own Device (BYOD) security.
“Secure access services edge (SASE) platforms allow enterprises to extend consistent security to all enterprise resources from a single control point,” Bitglass CTO Anurag Kahol said. “This enables the corporate security team to configure a single set of policies that automatically secure software-as-a-service (SaaS) apps, control access to malicious web destinations, and prevent leakage in on-premises resources—without the need for virtual private networks (VPNs). In other words, SASE replaces multiple disjointed point products, delivers significant cost savings, and provides the comprehensive security needed for a remote workforce in a cloud-first world.”