Veriato Blog

Veriato Blog

One million six hundred ninety-one thousand reasons to look inside

by Mike Tierney | Sep 28, 2015
  • Insider Threats
  • Insider Attacks
  • Insider Threat Prevention
  • Insider Threat Detection
  • Insider Threat

We recently sponsored our second significant research effort aimed at helping understand the scope and nature of insider threats. Much like the first, this effort includes some key takeaways:

  1. Insider attacks are on the rise

    62% of security professionals who took part in the survey believe insider attacks have become more frequent in the last 12 months. I think it's ok to ask whether insider attacks are actually on the rise, or simply, finally, getting the type of attention that the seriousness of the problem warrants.

  2. Insider attacks are costly.

    Survey respondents estimate the cost of remediating a successful insider attack at some $445,000. From the just about 1/4 of respondents who bravely acknowledged experiencing an insider attack(s), we learned that the average number of known insider attacks per organization in the last 12 months was 3.8. We'll leave the math to you the reader. Suffice to say that rapid detection of an insider attack, with response aimed at shutting the threat down, can save a lot of money.

  3. Budget priorities are not aligned

    Only 34% expect their insider threat management budget to increase in the coming 12 months. More than 10% actually believe their budgets will go down.

  4. Insider attacks are difficult to detect and prevent

    When asked how difficult it is to detect and prevent, 62% said insider attacks are more difficult than external attacks. This makes sense for multiple reasons. First, an overwhelming majority of budgeted dollars go towards defending against external attacks as compared to internal. All that firepower breeds confidence. Second, insider attacks are by their very nature difficult to deal with. So many of the steps an outside adversary would need to execute to get at sensitive data or systems are not needed when an insider in involved. Fewer steps = fewer opportunities to get caught. Third, the question asked about both detection and prevention. How do we prevent someone who has the keys to our house and our alarm code from entering it when we aren't home and rifling through the drawers?

When it comes to insider attacks, our focus needs to be on detection. Because if we can detect a problem we can respond to it. Don't let the daunting nature of trying to figure out how to prevent or paralyze you from taking action that will help secure your company.


Related Posts:

Attack the problem before the problem attacks you

The data says it's the data



Related Blog Posts