No Strategy to Defend Against Insider Threats
Insider threats have caused 59 per cent of data security incidents in the past twelve months.
Nevertheless, according to a study by Forrester on behalf of Imperva, 59 per cent do not give internal risks the same priority as external threats. Although insider threats are more common than external threats, investment in stopping them is decreasing. This approach is at odds with the current threat situation. After all, the shift to telecommuting meant that many employees found themselves outside of companies’ typical security systems.
Lack of budget and internal expertise
But why do companies not prioritise insider threats? The majority of respondents blame lack of budget (39 per cent) and lack of internal expertise (38 per cent). 29 per cent of companies do not perceive insiders as a serious threat, and a third attribute their indifference to insider threats to a lack of executive support. In fact, nearly 70 per cent of companies have no strategy or policy for managing insider risk.
“Despite increased investment in cybersecurity, organisations are more focused on protecting against external threats than the risks that may be lurking within their own networks,” said Kai Zobel, Area Vice President EMEA Central at Imperva. “Insider threats are difficult to detect because internal users have legitimate access to critical systems, which makes them invisible to traditional security solutions, such as firewalls and intrusion detection systems. The inability to see insider threats poses a significant risk to the security of corporate data.”
Companies that want to better protect themselves against insider threats should take the following steps:
- Gain buy-in from all stakeholders to invest in an insider risk programme.
Insider risk is a people-driven problem, not a technology problem, and must be treated as such. It is important for the success of the insider risk programme that it is endorsed and supported by leaders from across the organisation.
- Follow zero-trust principles for dealing with insider risk.
A zero-trust approach helps protect data and users and limits the ability of insiders to use sensitive resources that are not necessary to their function.
- Establish a dedicated body to deal with insider risk.
Since the insider threat is a human phenomenon and inherently sensitive, it requires dedicated resources. These can be integrated into the security team or, better still, be their own dedicated department. In any case, this team needs a specific mandate for insider risk and training to identify and respond to insider threats.
- Create and follow processes for the insider risk programme.
The serious nature of insider risks and the associated privacy concerns require that strict policies are put in place and followed. Any review must be treated as if it were to end up in court, and policies must be applied consistently.
- Implement a comprehensive data security solution.
A complete solution is one that goes beyond DLP (Data Loss Prevention) and provides monitoring, advanced analytics, and automated responses to prevent unauthorised, accidental, or malicious access to data. The technologies used should support the set processes and the mission of the insider risk department. This can save the company money and reduce the risk of security incidents damaging the business.
Research methodology
Forrester conducted an online survey in September 2021 of 464 security/IT professionals responsible for managing or responding to insider threats at organisations in APAC (Asia Pacific), EMEA (Europe, Middle East, Africa) and North America. 153 respondents were based in EMEA.