At the 2019 RSA Conference, Gurucul conducted an Insider Threat Survey. We wanted to get a sense for just how prevalent the Insider Threat is in the minds of the practitioners. 671 international IT professionals responded, which is incredible! The Gurucul Insider Threat Survey Report contains the survey questions and results.
Key Insider Threat Survey Findings
What did we find out at the RSA conference? Key findings include:
- Over 70% of companies are vulnerable to Insider Threats, with the Manufacturing industry being the most vulnerable
- User Error is the most detrimental Insider Threat, with the Retail industry experiencing the most user errors
- Malicious Insiders are the biggest concern for large enterprises and midsize companies
- 40% of respondents can’t detect Insider Threats or detect them after the data has left the organization
- Manufacturing is the least mature industry with the highest percentage (45%) of Insider Threats being discovered after the data has left the organization
- False Positives are the biggest hurdle in maximizing the value of SIEMs
- Retail and midsize companies are most concerned that they can’t detect unknown threats
- One third of IT professionals are focused on detecting Insider Threats after-the-fact versus predicting them before they occur
- Companies are focused on monitoring user behavior, leaving some devices, privileged accounts and service accounts unmonitored
How Big a Problem are Insider Threats?
Insider threats are the biggest cyber security problem for companies today because they can cause the most damage and are much harder to detect and prevent than external threats. Insiders are just that – insiders. They know where the sensitive company/customer data is and who has access to it, so they know exactly where to strike if they decide to take action.
Insider Threats are a huge and growing problem. They are so severe that Verizon has refocused its Data Breach Investigations Report dataset and caseload analysis into the Verizon Insider Threat Report. You absolutely need a mature Insider Threat Program, and we recommend Security Analytics as the foundational technology. Security Analytics capabilities are an invaluable force multiplier for advanced insight into malicious behavior.
Predict Insider Threats with Security Analytics
Security Analytics is predictive. It monitors broad traffic patterns and wide behavior patterns, and extracts critical context from big data with advanced machine learning. Security Analytics provides significant indicators which deliver valuable and timely risk-based insights to predict insider threats.
An example case of predicting potential malicious behavior is where an employee is visiting job websites, sending themselves emails with process information, and possibly accessing data they don’t normally work with. They’re doing many things indicating that the individual will probably leave the company in the near future, and possibly depart with data important to the organization. That’s a prediction. It gives you enough time to take preemptive action. Referenced against a behavior baseline of the individual, as well as their peer group, the activity is scored on a gradient from normal to anomalous. An elevated risk score could justify prioritized security monitoring, or even remedial action, especially if the data they’re accessing is outside their normal job responsibilities and of a sensitive nature. Prioritized risk-based alerts remove the need to go through countless log files to determine the severity of a user’s behavior.
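The scoring idea in the paragraph above can be sketched as follows. This is an added example, not Gurucul's algorithm or code from the report: it scores one day of activity against both the user's own history and the peer group. The feature names, weights, alert threshold and sample data are all assumptions constructed for illustration.

```python
from statistics import mean, pstdev

FEATURES = ("job_site_visits", "self_emails", "out_of_scope_reads")
# Assumed weights: reads of data outside the job role count most.
WEIGHTS = dict(zip(FEATURES, (1.0, 2.0, 3.0)))
ALERT_THRESHOLD = 70  # assumed cut-off for prioritized review

def day(*counts):
    """Build one day's activity record from counts in FEATURES order."""
    return dict(zip(FEATURES, counts))

def deviation(value, baseline, floor=0.5):
    """Standard deviations above the baseline mean (never negative).
    The spread is floored so an all-quiet baseline cannot divide by zero."""
    spread = max(pstdev(baseline), floor)
    return max(0.0, (value - mean(baseline)) / spread)

def risk_score(today, own_history, peers_today):
    """Return (score in 0-100, per-feature contributions)."""
    contrib = {}
    for f in FEATURES:
        vs_self = deviation(today[f], [d[f] for d in own_history])
        vs_peers = deviation(today[f], [d[f] for d in peers_today])
        # Count only what is unusual against BOTH baselines, which
        # suppresses alerts for activity that is normal for the role.
        contrib[f] = WEIGHTS[f] * min(vs_self, vs_peers)
    raw = sum(contrib.values())
    return round(100 * raw / (raw + 10), 1), contrib  # saturating map

# Constructed sample data (not from the survey or any product).
HISTORY = [day(0, 1, 0), day(0, 0, 0), day(1, 1, 0), day(0, 2, 1), day(0, 1, 0)]
PEERS = [day(0, 1, 0), day(1, 0, 1), day(0, 2, 0), day(0, 1, 0)]
ANALYST_PEERS = [day(0, 1, 12), day(0, 1, 15), day(0, 1, 13), day(0, 1, 14)]

if __name__ == "__main__":
    for label, today, peers in [
        ("routine day", day(0, 1, 0), PEERS),
        ("pre-departure pattern", day(6, 9, 14), PEERS),
        ("heavy reads, normal for peer group", day(0, 1, 14), ANALYST_PEERS),
    ]:
        score, contrib = risk_score(today, HISTORY, peers)
        flag = "ALERT" if score >= ALERT_THRESHOLD else "ok"
        print(f"{label:36} score={score:5} {flag} top={max(contrib, key=contrib.get)}")
```

Taking the smaller of the two deviations is a design choice of this sketch: a spike in sensitive reads that matches the peer group's routine stays low, while the same spike in a group that rarely touches that data crosses the threshold.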
Download the Gurucul Insider Threat Survey Report
Get the full report! Simply click below to access the survey findings.