The results of the SANS survey on insider threats show that organizations are starting to recognize the importance of protecting against the insider threat but struggle to deal with it; as one might expect, larger organizations are more likely to have provisions for responding to such threats.
Key findings include:
- Insider threats are on IT’s radar. Almost three-quarters (74%) of respondents are most concerned about negligent or malicious employees who might be insider threats. The FBI and Department of Homeland Security agree that insider threats have increased and that such threats pose a serious risk1.
- Organizations fail to focus on solutions. The pattern of survey respondents recognizing the problem while failing to implement solutions that effectively deal with it does not bode well. This yawning gap between claimed priorities and resources available for budget and planning is a playground for attackers.
- About a third of organizations know they’ve experienced an insider attack. This is only the tip of the iceberg; many insider threats go undetected, and some are only detected by accident.
- Prevention is more a state of mind than a reality. Over 68% of respondents consider themselves able to prevent or deter an insider incident or attack. Half (51%) believe their prevention methods are “effective” or “very effective.” Yet 34% of respondents indicated that they have still suffered actual insider incidents or attacks, some of which were costly.
- The financial impact is significant. Almost one-fifth (19%) of respondents believe that the potential loss from an insider threat is more than $5 million; another 15% valued such loss at $1 to $5 million. Immeasurable costs include brand and reputation damage and related costs not tracked in this survey.
- Spending on insider threats will increase next year. One-fifth (20%) of respondents indicated they will increase their spending on the issue to 7% or more next year, demonstrating more awareness and focus on this area.