Insider Risk

One million six hundred ninety-one thousand reasons to look inside

By Veriato Team

We recently sponsored our second significant research effort aimed at helping understand the scope and nature of insider threats. Much like the first, this effort includes some key takeaways:

  1. Insider attacks are on the rise – 62% of security professionals who took part in the survey believe insider attacks have become more frequent in the last 12 months. I think it’s ok to ask whether insider attacks are actually on the rise, or simply, finally, getting the type of attention that the seriousness of the problem warrants.
  2. >Insider attacks are costly. – Survey respondents estimate the cost of remediating a successful insider attack at some $445,000. From the just about 1/4 of respondents who bravely acknowledged experiencing an insider attack(s), we learned that the average number of known insider attacks per organization in the last 12 months was 3.8. We’ll leave the math to you the reader. Suffice to say that rapid detection of an insider attack, with response aimed at shutting the threat down, can save a lot of money.
  3. Budget priorities are not aligned – Only 34% expect their insider threat management budget to increase in the coming 12 months. More than 10% actually believe their budgets will go down.
  4. Insider attacks are difficult to detect and prevent – When asked how difficult it is to detect and prevent, 62% said insider attacks are more difficult than external attacks. This makes sense for multiple reasons. First, an overwhelming majority of budgeted dollars go towards defending against external attacks as compared to internal. All that firepower breeds confidence. Second, insider attacks are by their very nature difficult to deal with. So many of the steps an outside adversary would need to execute to get at sensitive data or systems are not needed when an insider in involved. Fewer steps = fewer opportunities to get caught. Third, the question asked about both detection and prevention. How do we prevent someone who has the keys to our house and our alarm code from entering it when we aren’t home and rifling through the drawers?

When it comes to insider attacks, our focus needs to be on detection. Because if we can detect a problem we can respond to it. Don’t let the daunting nature of trying to figure out how to prevent or paralyze you from taking action that will help secure your company.

2023 Preparedness Checklist: Ensure Your Workforce Is Productive and Secure

This guide will help you understand where there are opportunities and risks in your workforce, and what you can do to make sure 2023 is as secure and productive as possible with workforce behavior analytics.

About the author

Veriato Team
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida.

Productivity & Insider Risk Resources

A More Insightful, Proactive Approach to Employee Monitoring

A More Insightful, Proactive Approach to Employee Monitoring

Also known as “bossware” and even “employee surveillance”, employee monitoring has been placed in the bucket of technologies that companies force on their employees. Whatever you call it, its use is on the rise and it looks like it’s here to stay. As of 2022, 60% of...

Bossware and the Future of Work

Bossware and the Future of Work

Recently, there has been considerable coverage of “bossware” and a focus on draconian types of “surveillance” some companies are using to stay on top of remote and flexible workforces. Articles claim companies are accessing the camera on laptops and tracking every...

The Myths and Truths of Employee Monitoring

The Myths and Truths of Employee Monitoring

Early in the pandemic, searches related to “how to monitor employees working from home” increased by 1,705%. Without the oversight of managers in an office setting, many companies are concerned that their employees are less productive, and that there is an increase...