Enterprise Insider Threats on the Rise

New report finds 59 percent of organizations have experienced at least one insider attack in the last 12 months

By Rich Campagna, CMO, Bitglass

With news of hacking incidents, new strains of malware, and other alarming external cyber attacks, many organizations can overlook the importance of remediating insider threats. Comprised of both negligent and malicious employee behaviors, these threats pose a legitimate danger to enterprise security. To learn more about the state of insider threats and what organizations are doing to defend against them, Bitglass partnered with a leading cybersecurity community to survey IT professionals. The results, captured in the 2019 Insider Threat Report, revealed that insider attacks are on the rise. Unfortunately, they also showed that most organizations don’t have the proper security controls in place to identify and defend against these harmful attacks which can stem from employees, partners, or other internal stakeholders.

In the survey, 73 percent of all respondents said that insider attacks have become more frequent over the past 12 months; 59 percent said that their organization has been a victim to at least one over the same timeframe. These numbers are significantly higher since the last time Bitglass conducted this survey in 2017. While this is likely due to a multitude of factors, two key themes did seem to emerge from the research. The first is data moving off premises, and the second is the fact that companies often fail to secure their data in the growing number of devices and applications that access and store corporate information.

The rapid adoption of the cloud and bring your own device (BYOD) means that data is no longer kept safe behind on-premises firewalls and other traditional security tools. In fact, in separate studies, Bitglass found that 81 percent of organizations around the world now use cloud apps and that 85 percent of organizations now enable BYOD. These numbers indicate that companies are embracing new technologies that offer numerous benefits; for example, greater cost savings improved productivity, and more collaboration, as well as enhanced employee satisfaction and retention. However, this fundamental shift in where and how data is stored, used, and shared demands a different approach to security. Unfortunately, Bitglass’ latest research suggests that many companies are failing to adapt accordingly.

The first issue uncovered in the report lies with the monitoring and detection of insider threats. 56 percent of organizations said that it is more difficult to detect insider threats after migrating to the cloud. Despite this, 41 percent claimed that their organizations don’t monitor for abnormal user behavior across their cloud footprints. Furthermore, only 12 percent of enterprises reported that they are able to detect insider threats stemming from any personal mobile device. While an additional 39 percent said that they can detect these threats if personal devices are used on premises or have agents installed, this is not as helpful as it may initially seem. BYOD means that data is frequently being accessed remotely – outside of the network perimeter. Additionally, employees tend to reject agents on their personal phones because they can invade their privacy and impair the functionality of their devices. In other words, the aforementioned 39 percent still need to take steps to secure personal endpoints from insider threats.

In addition to the above, many companies are failing to employ other tools and practices that are needed to stay safe. Alarmingly, only 50 percent of organizations are providing user training to combat insider threats. As many of these threats are caused purely by negligence, training employees on security best practices (such as password hygiene and how to spot phishing emails) have proven to be effective. Most employees want to help keep their company secure, but need to know how their actions fit into the equation. Another area in which organizations must improve is in the use of secondary authentication. While the tool is helpful for preventing malicious data access when users surrender their credentials, a mere 31 percent of organizations stated that they currently use it.  In light of these issues, it is not surprising that 68 percent of organizations felt moderate to extremely vulnerable to insider threats.

Enterprises wishing to adapt to today’s dynamic business landscape through the use of cloud, BYOD, and other innovative solutions must be able to detect, prevent, and respond to insider threats. By understanding modern risks and leveraging appropriate security solutions like cloud access security brokers (CASBs), the vast majority of insider threats can be reduced or even eliminated.

About the Author

Rich Campagna is the CMO of Bitglass. He joined as VP of products and has served in various roles at the company. Prior to joining Bitglass, Rich was senior director of product management at F5 Networks, responsible for access security. Rich gained valuable experience in product management and sales engineering at Juniper Networks and at Sprint before working at F5. Rich received an M.B.A from the UCLA Anderson School of Management and a B.S. in electrical engineering from Pennsylvania State University. Rich can be reached online through Bitglass’ website: http://www.bitglass.com/