IT scale and sophisticated malware make insider attacks more difficult to prevent and detect

Over the past few years, the security community has focused its attention on attacks coming from Odessa, Tehran, and Beijing. On balance this is a good thing, as we are learning more about our cyber adversaries. That said, what about insider attacks? Back around 2008, insider attacks were viewed as the most dangerous of all, since insiders tend to know what they want, where it is, and how to get it. Is this still the case? Yes. While APTs make the best headlines, it turns out that insider attacks are still a major problem. According to a recent ESG research survey of 707 organizations, 46% of firms believe they are “very vulnerable” or “vulnerable” to an insider attack. Yikes!

Beyond being vulnerable to insider threats and attacks, the story gets even worse. It turns out that 54% of organizations claim that insider attacks are more difficult to detect and prevent than they were in 2011. Why? Several reasons:

• 37% of respondents point to the fact that there are more people – employees, contractors, and business partners – with access to the network. This growing population makes it more difficult to isolate suspicious behavior.
• 36% say that the growing use of cloud computing at their organization makes insider threat detection/prevention more difficult. Cloud computing distributes sensitive data access beyond internal IT and thus increases the attack surface for insider attacks.
• 35% indicate that the growing volume of network activity makes insider attack detection/prevention more difficult. Network scale interferes with baselining normal behavior, pinpointing anomalies, and detecting/addressing attacks.
• 27% admit that cyber-attacks like APTs make insider attack detection/prevention more difficult. This suggests that insiders are using sophisticated attack techniques that emulate “normal” behavior.
If this ESG data doesn’t scare you, then the name “Edward Snowden” should. While people debate whether Snowden is a hero or a traitor, there’s no question that he was able to circumvent tight security controls, steal sensitive data, and cause extensive damage to his employer (in this case, Booz Allen Hamilton and the NSA). Some people are paying attention to these alarming trends: ESG found that 45% of organizations admit that the Edward Snowden incident actually changed their perspective on insider threats.

Given how vulnerable organizations are and how difficult it is to detect/prevent insider attacks, it’s time for all CISOs to reassess insider risks, defenses, and detection/prevention efficacy. If the ESG data is any indication, these areas may be much worse than they think.