Insider Risk

The data says it’s the data

By Veriato Team

In our last post we discussed four key takeaways from a recent research effort into the scope and nature of the insider threat. In this post, we’ll continue to explore the data …

… and the data says it’s the data you are most concerned about.

63% of survey respondents are most concerned with data leaks stemming from insider attacks. 29% are most concerned with IP Theft, 23% with espionage. Fraud was the only type of insider threat that ranked highly (36%) that was not directly about data getting into the hands of those who should not have it.

What data in particular? Customer data, intellectual property, sensitive financial, and company data (employee information, sales and marketing data, and healthcare related data) were the top types of data most vulnerable to an insider attack.

It’s also unsurprising that privileged users (such as managers with access to sensitive information) were the top choice for the user group that poses the biggest security risk. Often the privileged user term is used to refer to IT Admins and the like, but in this case 41% viewed that group as posing the biggest risk. (Note: there may be some built in bias here, as a lot of the respondents would fall into this group). “Regular” employees came in at 46%, about on a par with contractors and consultants.

Yet with all this concern about data being leaked, breached, or stolen by insiders, only 21% of organizations continuously monitor the behavior of the users on their network. And a significant plurality (48%) rely on server logs to provide visibility into user behavior. Server logs have a place, but when it comes to focused detection of insider attacks, they are simply not sufficient.

In the next and final post in this series, we’ll continue to break down the survey data and take a look at how organizations can begin to sharpen their focus on this problem.

Insider Risk – How Prepared Are You?

Insider Risk – How Prepared Are You?

Not every company is equally prepared to deal with insider risk. This report outlines the four stages of insider risk maturity and explores how to improve your insider risk preparedness.

About the author

Veriato Team
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Quis ipsum suspendisse ultrices gravida.

Insider Risk & Employee Monitoring Resources

Is IAM, SIEM, and DLP Enough to Combat Insider Risk?

Is IAM, SIEM, and DLP Enough to Combat Insider Risk?

Key Takeaways: Closing the Gaps in Traditional Security Tools: IAM, SIEM, and DLP are vital but insufficient in addressing insider risks. They focus on access control, event logs, and data protection without understanding the behavioral context that signals insider...

Insider Risk Management: Addressing the Human Side of Risk

Insider Risk Management: Addressing the Human Side of Risk

Key Takeaways: Proactive Over Reactive: Shifting from a reactive to a proactive approach is essential in managing insider risks. Continuous monitoring and analysis of human behavior are key to detecting potential insider risks before they escalate. The Power of AI:...