Why Are Internal Threats Increasing? Five Questions to Ask…

A report published by Cyber-Security Insiders revealed eye-opening responses from CSOs, CIOs and other executives in global enterprises. In summary, their research (commissioned by CA Technologies) uncovered these five facts:

  • Ninety percent of organizations feel vulnerable to insider attacks. The main enabling risk factors include too many users with excessive access privileges (37%), an increasing number of devices with access to sensitive data (36%), and the increasing complexity of information technology (35%).
  • A 53% majority confirmed insider attacks against their organization in the previous 12 months (typically fewer than five attacks). Twenty-seven percent of organizations say insider attacks have become more frequent.
  • Organizations are shifting their focus to detection of insider threats (64%), followed by deterrence methods (58%) and analysis and post-breach forensics (49%). The use of user behavior monitoring is accelerating: 94% of organizations deploy some method of monitoring users, and 93% monitor access to sensitive data.
  • The most popular technologies to deter insider threats are Data Loss Prevention (DLP), encryption, and identity and access management solutions. To better detect active insider threats, companies deploy intrusion detection and prevention systems (IDS/IPS), log management and SIEM platforms.
  • The vast majority (86%) of organizations already have or are building an insider threat program. Thirty-six percent have a formal program in place to respond to insider attacks, while 50% are focused on developing their program.

Insider threats continue to rise, largely in step with the growing attack surface, the adoption of new digital and connected technologies and systems, and the value of private data to competitors, criminals and other nefarious actors.

Here are five questions a CISO, board member, or any executive responsible for ensuring the security of systems and protection of data across enterprises and organizations should ask:

  1. Is the company as focused on internal threats as it is on external attacks? In general, organizations devote most of their prevention-focused security controls to inbound threats rather than to internal-to-internal or outbound threats, even though nearly half of the incidents tracked over the last few years were internally caused breaches.
  2. Is the company’s culture sensitized to the pervasive strategy of cybercriminals to turn themselves from outsiders into “insiders” and to move around internally as quickly as possible? One popular strategy for these bad actors is spear-phishing to steal the login credentials of an unsuspecting user; some also drop Remote Access Trojans (RATs).
  3. Does the company have a Privileged Access Management program and platform? PAM is now one of the top security controls that many CISOs are prioritizing to reduce the risk of cyber-attacks, empower their employees and protect their organizations from unauthorized access. Gartner released a report stating that the #1 project to implement in 2018 was Privileged Access Management, and programs are continuing to grow in 2019.
  4. Have earlier PAM programs been effective? How expensive were they, and how complicated were they to implement? Legacy solutions have proven difficult to deploy and are often left unfinished, because old solutions are force-fitted into an IT environment undergoing digital transformation, including multi-cloud architectures with software-defined perimeters.
  5. How does the company define PAM? What process has been used, or should be used, to identify the privileged accounts for all critical systems, from infrastructure to sensitive data, security software (including patching), premise-based and cloud-hosted applications, APIs and more? Has the company completed a data security impact assessment, and is the resulting policy continuously applied and adapted as technology changes?

Only a comprehensive and modern PAM solution can ensure that data, applications and infrastructure are properly protected from malicious insider threats and, beyond this risk management, that the company meets increasingly stringent regulatory requirements. While these first five questions are only a high-level start, being able to answer each of them leads to deeper discussions about how PAM can be applied in the most effective and cost-efficient ways.

Author: Ozge Dogan