More than ever, organizations are under continuous cyberattack from nation-state and professional criminal hackers. So, it’s understandable that so many IT security teams focus on stopping intruders from gaining access to their valuable IT assets. The problem is that a distressing number of organizations drop the ball when it comes to protecting against the insider threat.
The new 2020 Insider Threat Report, from Cybersecurity Insiders and Gurucul, discovered that nearly half the surveyed companies cannot remediate insider threats until after data loss occurs. While it’s an alarming statistic, it isn’t necessarily surprising.
Malicious insiders are serious threats mostly because they’re difficult to identify. An insider, whether an employee or contractor (or even a third-party vendor), is already entrusted with authorized access to systems and applications on the network. Absent an insider threat solution, it’s challenging for cybersecurity pros to know whether an employee is carrying out his normal work tasks or engaged in something sinister.
The insider threat is not limited to employees deliberately involved in nefarious activities. Insider threats can also be well-meaning, dedicated employees who simply make mistakes. Criminal hackers prey upon these employees. You can explain IT policies and risks as much as you want. But it’s still likely that someone will click a link on a questionable news site or respond to a phishing email that appears to come from your company’s bank.
Mistakes happen; it’s inevitable. After all, it’s human beings sitting at the keyboards of your networked computers. They’re fallible. And they usually don’t even realize they’re putting your data at risk. But keep running around with scissors long enough and eventually someone gets hurt.
What the 2020 Insider Threat Report Reveals
The real problem occurs when that accident-prone employee has elevated access on the network. An attacker who successfully compromises the employee’s credentials now has the same access to your network as that employee. The compromised account becomes a proxy for a hostile intruder who likely knows how to leverage that access to go deeper and deeper into the network. Indeed, the 2020 Insider Threat Report revealed that 63% of organizations think that privileged IT users pose the biggest insider security risk.
But there’s much more than that. Other key findings in the report include:
- 68% of organizations feel vulnerable to insider attacks
- 53% of organizations believe detecting insider attacks has become significantly to somewhat harder since migrating to the cloud
- Organizations cite lack of resources (31%) and too many false positives (22%) as the biggest hurdles in maximizing the value of SIEMs
- Only about one third of organizations can detect anomalous behavior in NetFlow/packet data, service accounts and cloud resources
The insider threat is a prickly situation to handle. After all, employees are a core component of any good business. So, you can’t just simply deny them access to your network to mitigate risks. But in large organizations there are many employees with access to sensitive data. We need a viable solution that can counteract the security risks that these insiders pose.
The Gurucul Insider Threat Detection Solution
A program that monitors the behavior of users and devices to determine when they deviate from their baselines can detect activities indicative of an insider threat. That’s what we’re doing at Gurucul – providing a security analytics solution that can predict, detect and prevent insider threats. The Gurucul Risk Analytics (GRA) platform monitors the actions performed by users in real time. It looks for behaviors that are outside the range of “normal” actions to identify malicious insiders or external intruders who compromised a user’s account.
It’s the right solution for this day and age of cyber threats, where every enterprise has a big hacking bullseye displayed brightly across its back. We can’t expect to remove that bullseye altogether. But we can mitigate the risks that both willful and accidental insider threats inevitably cause.
Download the full 2020 Insider Threat Report at www.gurucul.com/2020-insider-threat-survey-report.