Today, behavior-based security analytics provider Gurucul released its “Insider Threat Survey”. Gurucul surveyed 671 international IT professionals attending the RSA Conference 2019 to learn more about the dangers of insider threats; the survey explores how prevalent insider threats are and how to combat them.
Distressingly, over 70% of all enterprises are vulnerable to insider threats, a finding that highlights the danger malicious insiders pose to businesses. Other findings from the Gurucul Insider Threat Survey include:
- User error constitutes the most dangerous and prevalent insider threat, according to IT professionals.
- 40% of enterprise respondents said they can’t detect an insider threat either during or after it moves data outside the network.
- Only 36% can detect an insider threat in real time.
- Additionally, only 26% can detect an insider threat before data exfiltration.
- ⅓ of IT professionals focus on reacting to insider threats rather than on proactive prevention.
Saryu Nayyar, CEO of Gurucul, offered her comments on the report. “Insider threats have emerged as the leading concern for companies of all sizes because they are so difficult to detect and have the potential to inflict the greatest damage to an organization. This explains why more than 60% of the companies surveyed are focused on detection and prevention.”
Insider Threats and Security Analytics
In the Insider Threat Survey, Gurucul notes very few companies take no action to prevent insider threats. Indeed, a majority of them embrace SIEM, with security analytics following close behind. In particular, Gurucul recognizes security analytics as a predictive solution to malicious insiders.
For context, User and Entity Behavior Analytics (UEBA) enables security analytics solutions to establish baseline behaviors for all users and recognize abnormal behaviors; after detection, it can send a security alert to your security team for investigation. Moreover, more comprehensive security analytics also monitor devices and privileged accounts, both of which prove essential.
According to the provider, the most important approach to fighting insider threats is to be predictive and proactive. Don’t allow malicious actors the upper hand.