The Insider Threat Problem and What You Can Do About It
Organizations are right to be concerned about shadowy hacker groups infiltrating their IT systems. According to Verizon’s 2020 Data Breach Investigations Report, 70 percent of security breaches can be traced to malicious external actors. Organized criminal groups were behind 55 percent of breaches, and 86 percent of breaches were financially motivated.
Those are sobering statistics. But what many organizations overlook is that 30 percent of attacks are the result of insider threats. These include cyber attacks carried out by malicious internal actors, and those caused by well-meaning insiders who fall victim to a scam or fail to follow cyber security best practices.
According to the Ponemon Institute’s 2020 Cost of Insider Threats Global Report, organizations experienced more than 23 insider incidents on average over a 12-month period. Almost two-thirds (62 percent) of those incidents involved negligence, and cost an average of $307,111. Another 23 percent involved malicious insiders, which cost an average of $755,760.
The Ponemon Institute includes credential theft in its definition of insider threat types. Although incidents involving credential theft represented just 14 percent of all insider attacks, they were the most costly, at $871,686 on average. What’s more, the number of credential theft incidents has almost tripled since 2018.
Why Insider Threats in Cyber Security Are Pernicious
Insider threats in cyber security are expensive because they’re devilishly difficult to detect. After all, if someone logs into a system with valid credentials, it’s hard to know whether that user is authorized and acting in the organization’s best interests. Insiders can inflict serious damage because they have ample opportunity to exploit any vulnerabilities. According to the Ponemon report, it takes an average of 77 days to contain an insider incident, with 35 percent of attacks requiring more than 90 days.
Traditional perimeter defenses such as firewalls and intrusion prevention systems cannot protect against insider threats because the attack comes from within the network. However, insider attacks have indicators of compromise just like other threats. Unusual access to resources, activity at unusual locations or times of day, and sudden increases in data transfers can point to insider attacks.
For example, if someone were to log into a high-value server from a new location using an administrator account, that could be a red flag of possible credential compromise. Or if a user suddenly begins downloading gigabytes’ worth of data, it could indicate an insider attack. So this makes detecting insider threats very difficult.
Insider Threat Security
In order to reduce the risk of insider threats, organizations should implement policies related to the access and use of corporate IT resources, with consequences for failure to follow them. Employees need to be educated about cyber security best practices and everyone’s responsibility for protecting systems and data. Regular training can help reinforce these policies and procedures and develop a culture of security throughout the organization.
Behavior analytics tools can help detect insider threats by creating a baseline of normal user behavior and watching for significant changes in pattern. With behavior analytics, you’re not monitoring devices to detect known attack signatures or malicious files but focusing on what users are doing — accessing systems, launching apps or downloading data. Best-in-class behavior analytics tools use artificial intelligence and machine learning to better understand user behaviors so that they can identify abnormal activity.
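The baseline-and-deviation idea described above can be sketched in a few lines. This is an added example, not code from GDS or any product the article mentions; the event fields, sample data, the min/max hour window and the MAD threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample events: (user, hour of day, source location, MB transferred).
HISTORY = [
    ("alice", 9, "HQ", 120), ("alice", 10, "HQ", 95), ("alice", 14, "HQ", 140),
    ("alice", 11, "HQ", 110), ("alice", 16, "VPN-home", 130),
    ("admin", 8, "HQ", 20), ("admin", 9, "HQ", 25), ("admin", 13, "HQ", 15),
    ("admin", 10, "HQ", 30), ("admin", 15, "HQ", 22),
]
NEW_EVENTS = [
    ("alice", 10, "HQ", 125),         # consistent with baseline
    ("alice", 15, "HQ", 8200),        # sudden jump in data transferred
    ("admin", 3, "unknown-asn", 18),  # new location at an unusual hour
]

def build_baseline(history):
    """Summarise each user's normal locations, active hours and transfer volume."""
    per_user = defaultdict(lambda: {"locations": set(), "hours": [], "mb": []})
    for user, hour, location, mb in history:
        b = per_user[user]
        b["locations"].add(location)
        b["hours"].append(hour)
        b["mb"].append(mb)
    for b in per_user.values():
        b["mb_median"] = med = median(b["mb"])
        # Median absolute deviation: robust to a few large transfers in history.
        b["mb_mad"] = median(abs(x - med) for x in b["mb"]) or 1.0
        b["hour_range"] = (min(b["hours"]), max(b["hours"]))
    return per_user

def score_event(baseline, event, mad_threshold=6.0):
    """Return the list of baseline deviations for one event (empty = normal)."""
    user, hour, location, mb = event
    b = baseline.get(user)
    if b is None:
        return ["no-baseline"]  # never-seen account: nothing to compare against
    reasons = []
    if location not in b["locations"]:
        reasons.append("new-location")
    if not b["hour_range"][0] <= hour <= b["hour_range"][1]:
        reasons.append("unusual-hour")
    if (mb - b["mb_median"]) / b["mb_mad"] > mad_threshold:
        reasons.append("transfer-spike")
    return reasons

def detect(history, events):
    """Score each new event against the baseline built from history."""
    baseline = build_baseline(history)
    return [(ev, score_event(baseline, ev)) for ev in events]
```

Calling `detect(HISTORY, NEW_EVENTS)` returns each new event paired with the reasons it deviates from that user's baseline.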
GDS Can Help You Bolster Your Insider Threat Security
Insider attacks represent 30 percent of cyber threats, and can be devastating in terms of cost and business disruption. If you’re concerned about insider threats — and you should be — let GDS help you implement the policies and tools you need to bolster your insider threat security strategy.