Insider Threats Still Pose Major Problems For Enterprise

By Frank Ohlhorst, Techrepublic

A survey sponsored by SpectorSoft shows that insider threats are one of the most challenging security issues to deal with for a majority of enterprises.

SpectorSoft, a user activity monitoring and analysis software firm, recently commissioned a survey to identify the top issues surrounding "insider threats" and identify some best practices to deal with those threats. The SpectorSoft 2014 Insider Threat Survey revealed some interesting facts about how enterprises are dealing with the challenges associated with insider threats.

One of the most revealing aspects of the survey is that the majority of enterprises can neither detect nor deter insider threats, making them especially vulnerable to fraud, data breaches, and intellectual property theft. The survey, which tallied the opinions of some 355 IT professionals, showed that some six in ten respondents are not adequately prepared to deal with insider threats.

Commenting on the results of the survey, SpectorSoft chief marketing officer Rob Williams said "The statistics paint a bleak picture when it comes to securing company data against insider threats". Williams added "With so many data breaches happening, C-level executives are coming to the realisation that their jobs could be on the line if company data isn't protected."

While Williams points out that insider threats could result in staff shakeups, there are some more troubling aspects to the menace of the insider threat, such as the crippling costs associated with employee fraud, coupled with the nature of insider threats which are difficult to detect due to the fact that authorised persons are misusing their authorisation.

According to Verizon's 2014 Data Breach Investigations Report, a dramatic increase in attacks has resulted in some astounding costs - where $2.9 trillion in losses globally can be attributed to employee fraud losses globally per year. In the U.S. alone, organisations suffered $40 billion in losses due to employee theft and fraud--but chances are that even more fraud went undetected.

While the numbers are troubling, IT managers need not sit on their hands and hope for the best. Those numbers can spur action and help to justify investments in technologies that can tame the insider threat beast. However, those IT managers need to understand both the consequences of inaction as well as the insider threat landscape and SpectorSoft's survey does an excellent job of spelling those concerns out.

For example, the report shows:

• 35% of organisations have experienced at least one insider threat, with the following breakdown (the total does not equal 100% as some respondents had more than one type of incident): Data leak: 49%, Fraud : 41%, Data breach: 36%, IP theft: 16% Insider threats were uncovered by: IT department: 41%, Coworker: 34%, Security team: 18%, Partner: 6%, Customer: 1%
• Losses from insider threats most-often cost less than $50,000: 70% of respondents report financial losses of under $50,000, 17% suffered losses of $50,000 to $100,000, 6% lost $100,000 to $500,000, 4% lost $500,000 to $1 million, 3% lost over $1 million
• 61% of organizations say they are not prepared for insider threats (the total exceeds 100% as multiple factors could be cited): Lack of training: 55%, Inadequate budget: 51%, Low priority: 34%, Understaffed: 34%, Lack of technology: 31%
• Even though 49% of respondents say they are trying to detect insider threats, 59% of these respondents admit that they cannot detect them
• 42% say detection is harder than deterrence or detailing an attack. Why? Because it's more straightforward. It's more about technology than psychology

While those survey results should prompt action - some IT managers may be uncertain as to what that action should be. It all comes down to three critical elements, which can be defined as:

• Deterrence: IT managers should draft and implement an acceptable use policy that spells out what is and is not acceptable for employees. That policy should also inform employees that the organisation has the right to monitor activity on company-provided devices and on the company network.
• Detection: IT managers should identify and implement usage monitoring platforms that can provide the forensic information for investigation and also be customised to detect unusual behaviour that indicates fraudulent behaviour.
• Details: IT Managers will find that investigating the details of an attack proves critical for preventing future attacks and also gathering evidence if prosecution is necessary. It is very important to select tools that can recreate the steps involved in an attack and identify the depth of the breach, as well as the amount of potential damage incurred.

SpectorSoft and Verizon have revealed the facts around insider threats, now it is up to IT managers to learn from those numbers and take action, before their organisations become victims of the ever growing menace of insider threats.