The threat posed by someone inside an organization is often overlooked and poses the highest risk. A survey from SANS found nearly a third of organizations have no capability to prevent or mitigate an insider attack or incident, while over a third estimated the potential loss from an insider threat to be over $1 million, before including the immeasurable damage to brand and reputation. Overall, the survey identified there is a positive trend of organizations starting to recognize the risks posed by insider threats but organizations are struggling to deal with them.
Recognizing the risks
The SANS survey focused on threats posed by insiders because people inside the organization “may have unfettered access to sensitive data, as well as the means, methods and motives to access information, virtually undetected.” The survey found a pattern of organizations correctly voicing concern for risks posed by negligent or malicious employees, but are too often failing to focus on solutions.
Following that same trend, the survey determined prevention is currently more a state of mind than a reality. More than 68% of organizations surveyed considered themselves able to prevent or mitigate an insider attack; yet over a third of organizations indicated they have still suffered actual insider incidents or attacks. The costs of these types of attacks are very often immeasurable damage to brand and reputation.
Identifying types of insider threats
Threats from an insider often go unprevented because they go undefined. The first step towards an effective solution to the problem posed by insiders is to identify and understand the types of insider threats. CyberArk offers excellent solutions for insider threats and recently published an eBook that helps to identify these types of threats:
The Exploited Insider
- 49% of accidental insider breaches are caused by phishing. (Source)
- Attackers gain access to the user’s machine and capture all privileged credentials available.
- Can also be an insider acting in response to external coercion.
The External “Insider”
- Most organizations allow third-party vendors access to their internal networks.
- Just like employees, these external “insiders” are also a target exploited by cyber attackers.
- In 70% of cyber attacks with a known motive, there is a secondary victim, targeted due to their trusted access. (Source)
- Most leading institutions have 200-300 high-risk third-party relationships. (Source)
The Malicious Insider
- Usually the most difficult to detect. (Source)
- Commonly have the highest potential costs. (Source)
- 50% are current employees and 50% are former employees. (Source)
The Unintentional Insider
- 56% of internal incidents in 2015 were attributed to the inadvertent misuse of data or an accident. (Source)
- Do not intend to jeopardize sensitive data.
- Risks are often introduced in attempts to increase productivity or efficiency.
Detecting and mitigating the threats
Excellent privileged access management practices are at the heart of detecting, preventing, and containing threats posed by insiders. Least privilege access and monitoring solutions are more crucial today than ever before, for organizations of all types and sizes.
Important solutions for securing against insider threats:
- Privileged user access control & credential management
- Privileged session monitoring
- Session isolation and control
- Granular, on demand privileged access control
- Behavioral analytics and threat detection
Implementing effective solutions to reduce and eliminate risk from insider threats requires detailed knowledge of the solutions available as well as how they can be most effectively applied to your unique organization. Get a free risk assessment from CyberSheath’s innovative Privileged Access Management team by clicking below, and start securing your organization from the inside out.