Staff Negligence Is Now a Major Reason for Insider Security Incidents
Insider threats cost organizations approximately $15.4 million every year with negligence a common reason for security incidents, according to the latest research. Over the past two years, organizations have had to adjust to remote work and other effects of the COVID-19 pandemic. Malicious actors have taken advantage of these changes by exploiting weaknesses in enterprise security and the fact that business leaders’ attention has been placed elsewhere.
The actions of cybercriminals have forced many organizations to invest in new technology to safeguard their assets and harden network defenses from external threats, but the latest report from Proofpoint suggests insider threats are also costing organizations greatly as they deal with a workforce shortage stemming from the pandemic.
Today’s organizations are facing cybersecurity challenges from every angle. Fragile endpoint security, unsafe cloud platforms, weaknesses – whether unpatched or zero-days – the presence of uncontrolled internet of things (IoT) devices on enterprise networks and remote and hybrid workforces can all become a channel for the transmission of a cyberattack to take place.
Proofpoint, Inc., a leading American enterprise security company, recently released its 2022 Cost of Insider Threats Global Report to identify the costs and trends associated with the actions of negligent and malicious insiders. On average, impacted organizations are spending $15.4 million annually remediating threats, and it takes 85 days to take control of each incident.
According to the report, over the last two years, the prevalence of insider threats and the costs associated with those threats have increased significantly across each insider threat category, including employee or contractor negligence, malicious insiders, and credential theft incidents.
Insider Threat Costs and Trends According to 2022 Cost of Insider Threats Global Report
Based on an interview of 1,004 IT and IT security practitioners across 278 organizations, the survey discovered that organizations in North America experienced the highest total cost at $17.53 million. The financial services and services organizations have the highest average activity costs, with every company paying $21.25 million, according to the report.
The Negligent Insider
Employees or contractors continue to be the main source of an insider threat. 56% of reported insider threat incidents were the result of a negligent employee or contractor, costing on average $484,931 per incident. This could be the result of several factors, including the following:
- Failing to secure their devices are secured
- Not following the organization’s security policy
- Failing to ensure that their devices and applications are patched and upgraded
The Disgruntled Employee
Malicious insiders were responsible for 26% (or 1,749 incidents), at an average cost per incident of $648,062. Malicious insiders use their data access and privileges to carry out harmful activities. Due to employees being granted more access to more information in an effort to enhance efficiency and productivity in today’s workforce, malicious insiders are becoming harder to detect than external malicious actors.
User Credential Theft
Credential theft incidents have nearly doubled since Proofpoint’s last study. Credential theft has become the costliest threat incident to remediate, costing organizations $804,997 per incident. The intent of user credential theft is to obtain credentials that will give the malicious actors access to critical data and information. User credential theft accounted for an average of 18% (or 1,247 incidents) of threat incidents.
Containing an Insider Threat
The time it takes organizations to take control of an insider incident increased from Proofpoint’s last study. It takes an average of 85 days to contain an insider incident, compared to the 77 days it took in the previous year, based on the last study. Insider threat incidents that took more than 90 days to get control of cost organizations $17.19 million annually, while incidents that lasted less than 30 days had the lowest average annual cost of activities at $11.23 million.
According to the findings in the study, the size of an organization affects the cost per incident. Large organizations that have more than 75,000 employees spent an average of $22.68 million over the past year to resolve insider-related incidents. On the other hand, smaller organizations with less than 500 employees spent an average of $8.13 million.
Insider Threat – Is Your Organization at Risk?
Organizations have increasingly adopted work from home policies for most of their employees, contractors, suppliers, and partners. While digitalization allows employees to work from anywhere, it doesn’t come with some risks. Insider threats are a mounting security concern for today’s organizations, regardless of size.
As more organizations adopt cloud solutions, there will always be a risk that data will be stolen, or that systems will be crippled by an insider threat. Organizations that have adopted a cloud environment are more vulnerable to insider threats and attacks due to weak identity management and access management, insecure authentication, or unsecured Application Programming Interfaces (APIs). This is mainly due to the lack of monitoring and maintenance tools for unusual behavior.
To protect your organization from insider threats, everyone within your organization must understand the risk factors. Here are signs that your organization may be at risk:
- Your employees lack security compliance training
- Your employees are not aware of the best methods to secure their devices,
- Your employees transmit sensitive data to cloud environments that have not been secured
- Your employees break security policies to make their jobs easier
- Your employees fail to patch or upgrade devices and applications to the latest version
While organizations can be vulnerable to the same type of risks, there is no one-size-fits-all solution that can prevent and mitigate these risks. Not every security tool or solution is effective against insider attacks, especially given the complexities of cloud environments and the lack of proactive monitoring. To detect these anomalies and abnormal behavior patterns in cloud environments, organizations need to implement advanced solutions and adopt best practices.
How the HRCT Team Can Help
Threats and attacks are not just coming from outside an organization. Insider threats are a major security concern for organizations across the globe, as they can wreak havoc and cause devastating losses. Insider threats are making it difficult for traditional security solutions to detect unusual activities. It is a must that organizations arm themselves with the right tools and solutions to be able to detect and protect against insider threats. HRCT simplifies insider threat detection, investigation, and response.
With our security solutions, organizations can:
- Reduce the damage an insider could do
- Classify your data so you can implement appropriate controls
- Monitor the activity of users
- Investigate incidents and promptly find the best response to each attack
For more information on how your organization can mitigate the risk of insider threats, contact us today.
Thanks to our friends at DataEcon in Dallas for their help with this content.