Insider Threat Awareness Growing But Action Lacking

sans(HStoday) Although the insider threat is on the radar for most organizations, many are repeatedly failing to take the necessary steps to prevent an attack, according to a recent report sponsored by SpectorSoft and conducted by the SANS Institute.

The report, Insider Threats and the Need for a Fast and Directed Response, surveyed 772 IT security professionals in a broad range of industries—including government, technology, finance, education, and healthcare, among others—between December 2014 and January 2015.

The results revealed organizations are increasingly aware of the salient nature of the insider threat, but struggle to deal with it. While almost three-fourths of organizations acknowledge that the accidental and malicious insider poses a threat to their organization, most put themselves at severe risk for significant data loss by being unprepared to protect themselves against insider threats.

The survey results found 44 percent of respondents are unaware of how much they spend on solutions that mitigate insider threats, and 45 percent do not know how much they plan to spend on insider threat technology in the next 12 months. Moreover, 32 percent have no ability to prevent an insider attack. . . . (read the rest)

– – – –
From the Executive Summary of the report:

As breaches continue to cause significant damage to organizations, security consciousness is shifting from traditional perimeter defense to a holistic understanding of what is causing the damage and where organizations are exposed.

Although many attacks are from an external source, attacks from within often cause the most damage. This report looks at how and why insider attacks occur and their implications.
Why focus on insiders? Because they may have unfettered access to sensitive data, as well as the means, methods and motives to access information, virtually undetected.

The results of the SANS survey on insider threats show that organizations are starting to recognize the importance of protecting against the insider threat but struggle to deal with it; as one might expect, larger organizations are more likely to have provisions for responding to such threats.

Key findings include:

  • Almost three-quarters (74%) of respondents are most concerned about negligent or malicious employees who might be insider threats. The FBI and Department of Homeland Security agree that insider threats have increased and that such threats pose a serious risk.
  • The pattern of survey respondents recognizing the problem while failing to implement solutions that efectively deal with it does not bode well. This yawning gap between claimed priorities and resources available for budget and planning is a playground for attackers.
  • This is only the tip of the iceberg; many insider threats go undetected, and some are only detected by accident
  • Over 68% of respondents consider themselves able to prevent or deter an insider incident or attack. Half (51%) believe their prevention methods are “efective” or “very efective.” Yet 34% of respondents indicated that they have still suffered actual insider incidents or attacks, some of which were costly.
  • Almost one-fifth (19%) of respondents believe that the potential loss from an insider threat is more than $5 million; another 15% valued such loss at $1 to $5 million. Immeasurable costs include brand and reputation damage and related costs not tracked in this survey.
  • One-fifth (20%) of respondents indicated they will increase their spending on the issue to 7% or more next year, demonstrating more awareness and focus on this area

The survey also showed how organizations approach insider threats, and this report includes our recommendations for improving incident response (IR), based particularly on these observations:

  • Most respondents focus on non-technical controls and awareness.
  • Malicious insiders are a greater concern than accidental insiders are.
  • Attack detection takes too long.

With this information, readers should be better prepared to address the threats insiders pose.

Insider Threats and the Need for a Fast and Directed Response (pdf)