A new report confirms the risk that employees can pose to organisations.
According to the 2020 Insider Threat Report from Bitglass, 61 percent of firms reported at least one insider attack over the last 12 months. Moreover, 22 percent reported at least six separate attacks.
The security vendor notes the threat is exacerbated by the current shift to of remote work, rapid migrations to the cloud and BYOD (bring your own device) policies. Along with these trends, securing against insider threats has become increasingly challenging. Most organisations cannot guarantee that they can detect insider threats stemming from personal devices (82 percent) or the cloud (50 percent), while 81 percent find it difficult to assess the impact of insider attacks.
Bitglass also points out that few respondents have a single platform that delivers complete, unified visibility and control for any interaction. “When dealing with multiple disjointed tools that provide disparate levels of protection, security professionals spend an inordinate amount of time managing each of the solutions individually,” it says.
As such, 49 percent of respondents stated that at least one week typically goes by before insider attacks are detected. Additionally, 44 percent said that another week usually passes before the organisation recovers from the attacks.
If you liked this content…
The CAF checklist: are NHS trusts ready for new cybersecurity rules?
Government defences “outpaced” by hostile states and criminals – report
AI a double-edged sword in cybersecurity
Modern digital government needs security resilience, says Trend Micro
MOJ investigates after Legal Aid Agency hit by data breach
“All organisations, including government agencies and political groups, need to have full visibility and control over their data to prevent these types of threat,” Anurag Kahol, CTO of Bitglass tells Think Digital Partners.
“To ensure sensitive information is always safe, organisations should look for security platforms that enforce real-time access control, detect and remediate misconfigurations, encrypt sensitive data at rest, manage the sharing of data with external parties, and prevent data loss.”
While organisations were already working with constrained security budgets before the pandemic, security teams are now being asked to do even more with less, says the study. Seventy-three percent of companies’ security budgets are decreasing or staying flat over the next year.
The fallout from the loss of critical data and the disruption can be huge. This includes brand damage, remediation costs, legal liabilities and loss of revenue.
