Insider Risk

Insider Threats and the Need for Fast and Directed Response

The results of the SANS survey on insider threats show that organizations are starting to recognize the importance of protecting against the insider threat but struggle to deal with it; as one might expect, larger organizations are more likely to have provisions for responding to such threats.

Key findings include:

  • Insider threats are on IT’s radar. Almost three-quarters (74%) of respondents are most concerned about negligent or malicious employees who might be insider threats. The FBI and Department of Homeland Security agree that insider threats have increased and that such threats pose a serious risk1.
  • Organizations fail to focus on solutions. The pattern of survey respondents recognizing the problem while failing to implement solutions that effectively deal with it does not bode well. This yawning gap between claimed priorities and resources available for budget and planning is a playground for attackers.
  • About a third of organizations know they’ve experienced an insider attack. This is only the tip of the iceberg; many insider threats go undetected, and some are only detected by accident.
  • Prevention is more a state of mind than a reality. Over 68% of respondents consider themselves able to prevent or deter an insider incident or attack. Half (51%) believe their prevention methods are “effective” or “very effective.” Yet 34% of respondents indicated that they have still suffered actual insider incidents or attacks, some of which were costly.
  • The financial impact is significant. Almost one-fifth (19%) of respondents believe that the potential loss from an insider threat is more than $5 million; another 15% valued such loss at $1 to $5 million. Immeasurable costs include brand and reputation damage and related costs not tracked in this survey.
  • Spending on insider threats will increase next year. One-fifth (20%) of respondents indicated they will increase their spending on the issue to 7% or more next year, demonstrating more awareness and focus on this area.

Get Instant access

Employee Monitoring Resources

3 Steps to Spotting Insider Risk

3 Steps to Spotting Insider Risk

Your employees have access to your organization’s most valuable data – customer detail, intellectual property, personally identifiable information (PII), vendors lists, bank accounts, financials, and more. When an employee no longer has the organization’s best...

How to Rebrand “Bossware” at Your Company

How to Rebrand “Bossware” at Your Company

How to Deploy Employee Monitoring Software with the Least Amount of Resistance Employee monitoring. Productivity software. Bossware. Whatever your employees call it, not everyone is thrilled with the idea that their company wants to track their activity. While...

Suspicious That Your Work-From-Home Employees Aren’t Productive?

Suspicious That Your Work-From-Home Employees Aren’t Productive?

How To Regain Visibility Into Your Remote Team's Productivity Do you have the nagging feeling that the people on your team that work from home are taking advantage of their newfound freedom? Perhaps they aren’t as responsive on Slack, or block off meeting times as...