2018 Crowd Research Partners ‘Insider Threat Report’: hopes and fears revealed

Crowd Research Partners released their annual Insider Threat Report, which is the most comprehensive survey on the topic of insider threats. The survey is comprised of 472 cybersecurity professionals, the majority (87%) being in leadership roles. The report is rich with data so let’s explore what has been identified. While this article provides an overview, it’s worth it to see the report for yourself to understand the context behind the final product.

The key findings of the survey were that an overwhelming 90% of organizations felt vulnerable to insider attacks. The top three risk factors enabling the insider threat vulnerability are excessive access privileges (37%), endpoint access (36%), and information technology complexity (35%). Of the 472 professionals interviewed, 53% confirmed that an insider attack had happened at their organization in the last year.

The insiders they fear

The survey had some interesting results about who companies consider the riskiest insiders. Surprisingly there was almost an even split in every question asked.

• Survey respondents are almost equally worried about malicious insiders (47%) and accidental insiders (51%)
• Regular employees (56%), privileged users (55%), and contractors (42%) seem to pose the largest concern for respondents. Privileged users in this survey include IT admins and company executives.
• When asked the question of what they see as the biggest enabler of accidental insider threats respondents indicated overwhelmingly that phishing attempts and weak passwords were the most concerning enablers.
• 90% of survey respondents have stated that they feel vulnerable to insider threats.

What’s at risk?

Businesses must understand the role of data in today’s world, that data is no longer just IT’s responsibility. Rather data is the lifeblood of all business. One breach can be all it takes for an end to an organization. Survey respondents stated that the top three types of data vulnerable to an insider attack are confidential business information (57%), privileged account information (52%), and personal information (49%). The data assets most vulnerable to insider attacks are databases (50%), file servers (46%), and cloud applications (39%).

Risk factors and impact

It’s one thing to identify that cyber security professionals are worried about insider threats, but the Crowd Research Partners report goes further and asks professionals what they believe have enabled these threats.

• The top concerns are excessive access (37%), endpoint access (36%), complex technology (35%), growing amounts of sensitive data (34%), and lack of employee training (31%).
• As far as threat type likelihood, there seems to be an even split of thirds between external attack, malicious insider attacks, and unintentional insider breaches.
• A majority of professional respondents have also stated that they weigh all threat types as equally damaging to their organization.
• 33% of respondents were not sure or had no value attributed to the cost of a data breach. While another 27% of respondents have claimed that an insider data breach could cost them roughly $100K to $500K in US dollars.

Securing the fort

Insider threats require advanced detection and prevention controls and systems. Despite all of the doom and gloom above, it would seem that many of the survey respondents have security controls in place to handle insider threats.

• 73% of respondents claim to have established appropriate controls to detect and prevent insider threats. While 15% outright said not. The remaining 12% was not sure.
• More specifically survey respondents claimed that the deterrence controls they had data loss prevention controls (60%), total data encryption (60%), and access management controls (56%).
• When it comes to detection controls, respondents have claimed they have had success with the following tools: intrusion detection and prevention (ids/ips) (63%), log management (62%) and security information and event management (siem) (51%), and predictive analytics (40%).
• When it comes to monitoring how insiders are interacting with data, a more than 88% of survey respondents believe it is necessary to monitor, profile, and identify insiders based on their behavior with data.
• Analytics is also increasing in application. Last year 30% of companies did not use analytics, now however it is down to 14%. Security and access analytics are the two most popular, with behavior analytics behind them by 8%.

Insider threat management

Organizations understand that insider threat mitigation is not something technology alone is going to solve. However, in this year’s survey it would appear that the approach of most (64%) insider threat programs seems to be detection. This is followed closely by deterrence (58%) and then by analysis and post breach forensics (49%). Half of the respondents interviewed believe their organization is maturing in their insider threat program. Only 36% answered confidently that their insider threat program was at a mature stage.

The roadblocks to successful insider threat management were identified as lack of training, lack of technology, lack of department collaboration, and lack of budget. The only problem that seemed to have increased is access to suitable technology for insider threat management.

Many organizations also seemed to possess the capability to detect an insider attack within the same day, and even better mitigate or full on stop the insider attack within minutes or hours of detection.

As far as budget goes, it would seem that the respondent organizations IT security budgets are increasing for nearly half over the next year. Within these the allocation for cyber security survey respondents seem to have identified that roughly 6-10% is dedicated exclusively to insider threat prevention and mitigation.

The study itself is quite comprehensive and goes over a lot. It would be best to read the study in full to gain an understanding of where you may stand in the business community when it comes to mitigation of insider threats.