In our most recent post we identified that only a small number (21%) of organizations are continuously monitoring the behavior of their users. Further, we saw that the most common method for gaining visibility into user behavior with core applications is the review of server logs.
Only 30% of organizations are using any type of analytics to help them detect insider threats.
Insider threats are real. They are damaging. They are difficult to detect and prevent. And we are concerned about our data.
Yet budgets are not aligned. And only about 1/5 of organizations have focused technology in place aimed at detecting the types of shifts in user behavior that indicate insider threat. Something needs to change, or we will continue to read about devastating insider attacks.
Where to start? As mentioned in the initial post on this topic, the first and most critical step towards mitigating the risk of a successful insider attack is detection. There is a detection problem. The good news is that problems can be solved.
First, focus where the problem is. The most common launching point for an insider attack is the endpoint, the place from which the insider accesses the databases and file servers. We have users. Users are insiders. User Behavior Analytics has emerged to focus on detecting insider threats. And our users/insiders are most commonly attacking from the endpoint.
It stands to reason that we need to focus on the user activity and behavior taking place on the endpoint. Given the high cost of cleaning up after a successful insider attack, we can't afford not to.