According to a new survey from Cyberhaven, 51% of organizations lack sufficient data protection strategies to detect and prevent insider threats. As employees shift to remote work, companies are bracing for a surge in both accidental and malicious insider attacks. The survey findings indicate a lack of training, coupled with increased freedom to use new devices and cloud apps, can result in a perfect storm for data exposure.
The 2020 Insider Threat Report, commissioned by Cyberhaven and conducted by Cybersecurity Insiders, found half of organizations have experienced operational disruption or outages due to insider threats, while 48% have lost critical data. The vast majority of insider attacks target customer data (61%), followed by financial data (54%), and intellectual property (53%).
Powerful Insider Access and Lack of Employee Awareness Create Critical Blind Spots
60% of cybersecurity professionals believe detecting and preventing insider attacks is more difficult than external attacks. It becomes even more difficult as a growing number of employees are given legitimate, credentialed access to networks and services (61%). Without visibility into the movement of sensitive data across their networks, organizations can easily overlook threat actors operating in plain sight.
Yet most insider threats are not malicious at all, as 58% report a widespread lack of employee awareness and training that leaves organizations vulnerable. Opportunistic attackers understand this, and have ramped up phishing and ransomware attacks during this time of uncertainty.
Spike In Connected Devices and Unauthorized Cloud App Usage Drives Data Leaks
As employees transition to remote work, many are using personal or newly purchased devices. According to the survey findings, 51% of respondents identify an increase in connected devices with access to sensitive corporate data as a key enabler of insider attacks.
Employees are using applications that allow them to store files in their personal cloud, share information, and communicate and collaborate with colleagues—often without the security team’s knowledge or oversight. 52% of respondents say the increased use of applications that can leak data (e.g., web email, Dropbox, and social media) makes the detection and prevention of insider attacks more difficult than it was just a year ago. Respondents considered communications and messaging apps most vulnerable to insider attacks (42%), followed by cloud storage and file sharing apps (39%).
Security Roadblocks and the Growing Push Toward Behavior Analytics
The majority of respondents (58%) indicated their organization’s ability to monitor, detect, and respond to insider threats is only “somewhat effective” — or worse. Many experience challenges with current solutions such as data loss prevention (DLP), including difficulty keeping policies up to date at the rate of business needs (27%), limited data/file visibility (25%), and too many false positives (23%). According to the study, 37% of cybersecurity professionals find cost to be a major barrier to using DLP tools, while many organizations lack the necessary staff to implement (42%) and maintain (32%) them.
Meanwhile, 70% of respondents agree that tracking file movement across the network is “somewhat important” or “very important,” but this understanding has not yet translated to action, as blind spots still abound. In fact, only 29% of survey respondents reported that they monitor all key assets and system resources today.
To speed the detection of data loss, theft, and misuse by insiders, a growing number of cybersecurity professionals (36%) expressed interest in leveraging User and Entity Behavior Analytics (UEBA) and Data Behavior Analytics (DaBA). This is particularly true of IP-intensive industries such as defense, high-tech manufacturing, and pharmaceuticals that must continuously monitor and protect customer data, patents, and new product designs.
“As we witness the sudden and necessary explosion of remote work and tools needed for it, the resulting complexities increase the risk of insider threats,” said Dr. Volodymyr Kuznetsov, CEO of Cyberhaven. “The best way for modern enterprises to meet this new challenge is to simply follow corporate data wherever it goes. Cybersecurity professionals are recognizing the value of Data Behavior Analytics, which enables real-time visibility into the movement of intellectual property as it travels across cloud and on-premise environments—revealing intent of data exfiltration and exposing insider threats before it’s too late.”