One million six hundred ninety-one thousand reasons to look inside

We recently sponsored our second significant research effort aimed at helping understand the scope and nature of insider threats. Much like the first, this effort includes some key takeaways:

1. Insider attacks are on the rise – 62% of security professionals who took part in the survey believe insider attacks have become more frequent in the last 12 months. I think it’s ok to ask whether insider attacks are actually on the rise, or simply, finally, getting the type of attention that the seriousness of the problem warrants.
2. >Insider attacks are costly. – Survey respondents estimate the cost of remediating a successful insider attack at some $445,000. From the just about 1/4 of respondents who bravely acknowledged experiencing an insider attack(s), we learned that the average number of known insider attacks per organization in the last 12 months was 3.8. We’ll leave the math to you the reader. Suffice to say that rapid detection of an insider attack, with response aimed at shutting the threat down, can save a lot of money.
3. Budget priorities are not aligned – Only 34% expect their insider threat management budget to increase in the coming 12 months. More than 10% actually believe their budgets will go down.
4. Insider attacks are difficult to detect and prevent – When asked how difficult it is to detect and prevent, 62% said insider attacks are more difficult than external attacks. This makes sense for multiple reasons. First, an overwhelming majority of budgeted dollars go towards defending against external attacks as compared to internal. All that firepower breeds confidence. Second, insider attacks are by their very nature difficult to deal with. So many of the steps an outside adversary would need to execute to get at sensitive data or systems are not needed when an insider in involved. Fewer steps = fewer opportunities to get caught. Third, the question asked about both detection and prevention. How do we prevent someone who has the keys to our house and our alarm code from entering it when we aren’t home and rifling through the drawers?

When it comes to insider attacks, our focus needs to be on detection. Because if we can detect a problem we can respond to it. Don’t let the daunting nature of trying to figure out how to prevent or paralyze you from taking action that will help secure your company.