According to a recent survey of hundreds of IT security professionals, most organizations have significant security holes when it comes to protecting themselves against insider threats.
In the survey, conducted by SANS on behalf of employee monitoring firm SpectorSoft, 32 percent of respondents said their firms do not have the ability to prevent an insider attack.
Free Resource: Discover how user behavior analytics can analyze current and historical data from hundreds of sources to use as a basis for discovering abnormal behavior that could indicate a possible security breach.
While a majority (74 percent) of respondents said they’re concerned that their own insiders could be detrimental to their organization, most are failing to take the required steps to remedy the problem. Disturbingly, 44 percent did not know how much their organization was spending to address insider threats.
“Although organizations know insider attacks pose a salient threat, spending on insider threat defenses falls short,” SpectorSoft said. “Without a comprehensive understanding of what they are spending to prevent the problem, it is likely that organizations also will not know what insider threat defenses they lack or where they can invest further to fill in security gaps and bolster protection against a potential insider attack.”
“While it’s good to see that a strong majority of security professionals are concerned about the dangers posed by insider threats, I was struck by the fact that investment in solutions that can help does not appear to be keeping pace with that concern. I believe a key action item called out by the survey data is that increased focus on, and investment in, addressing the concerns is required,” said Mike Tierney, COO for SpectorSoft.
The survey also indicated that many IT security professionals are in the dark on the possible damage that can be caused as a result of data being exposed by the hands of a malicious insider.
More than 52 percent of survey respondents said they don’t know what their losses might amount to – and what it would be worth should it become publicly exposed or fall into the wrong hands.
According to SpectorSoft, the causes behind these security gaps are numerous, with respondents citing lack of training, lack of budget and lack of internal staff as the three most significant reasons for lack of insider threat defenses.
However, the survey revealed that in addition to budget and staffing woes, 28 percent of all respondents claim that insider threat detection and prevention is not even a priority in their organizations.
More than half of respondents (66 percent) said their organization either does not have an insider response plan or has no incident response plan at all.
It is no surprise that insider threats are challenging to detect, and two-thirds (66 percent) of survey respondents claim they have never experienced an insider attack.
“The 34 percent of respondents that admitted to having an insider breach are likely the tip of the iceberg,” SpectorSoft said. “Without dedicated technologies and focus to address the problem, these attacks will likely continue to fly under the radar.”
“Whether the attacker is a malicious insider or an adversary that has hijacked a legitimate user’s identity, the challenge is the same – discovering suspicious activities performed by a user already within your network and with legitimate credentials,” experts from security firm Fortscale explained in a recent white paper. “Organizations require advanced tools to transform their massive amounts of event and log data into effective and actionable user threat detection intelligence.”
The survey (PDF), “Insider Threats and the Need for a Fast and Directed Response,” was conducted between December 2014 and January 2015. 772 IT security professionals representing a broad spectrum of industries and sizes, including the technology, government, financial, education and healthcare sectors, participated in the survey.
Resource: Successfully Utilizing User Behavior Analytics to Mitigate Insider Threats
Case Study: How a Major Online Retailer Enhanced Visibility into Threats With User Behavior Analytics