Insider threats caused the majority (59 percent) of EMEA data security incidents in the last 12 months, yet 70 percent of organizations in the region don't have a strategy for this risk area, according to a new survey-based report by Forrester.
The research, commissioned by Imperva, found that most organizations (59 percent) do not prioritize insider threats the way they prioritize external threats. Despite the fact that insider events occur more often than external ones, they receive lower levels of investment.
This approach is at odds with today’s threat landscape, where the risk of malicious insiders has never been higher, says the report. The rapid shift to remote working means many employees are now outside the typical security controls that organizations employ, making it harder to detect and prevent insider threats. Further, ‘The Great Resignation’ is creating an environment where there is a higher risk of employees stealing data. This data could be stolen intentionally, by people looking to help themselves in future employment or by those who are disgruntled and want revenge, or it could be taken unintentionally when a careless employee leaves the business with important information.
Why are organizations not prioritizing insider threats? The majority of respondents blame lack of budget (39 percent) and internal expertise (38 percent), but other problems abound. Nearly a third (29 percent) of organizations do not perceive insiders as a substantial threat, and 33 percent say their organizational indifference to insider threats is due to internal blockers such as a lack of executive sponsorship. In fact, almost three-quarters (70 percent) of organizations do not have an insider risk management strategy or policy, and a majority (58 percent) do not have a dedicated insider threat team.
The findings show that organizations are ‘woefully underestimating the seriousness of insider threats’.
The main strategies currently being used by organizations in EMEA to protect against insider threats and unauthorized usage of credentials are periodic manual monitoring/auditing of employee activity (50 percent) and encryption (47 percent). Many are also training employees to ensure they comply with data protection/data loss prevention policies (65 percent). Despite these efforts, breaches and other data security incidents are still occurring, and more than half (56 percent) of respondents said that end users have devised ways to circumvent their data protection policies.
Organizations looking to better protect against insider threats should take the following steps:
Gain stakeholder buy-in to invest in an insider risk program. Insider risk is a human problem, not a technology issue, and must be treated as such. It is also a risk that cuts across all parts of the business. Therefore it is important to get senior executives from across the company to endorse and support the insider risk program for it to be successful. Start at the top to gain buy-in and sponsorship, then engage with leaders from HR, Legal, IT, and other parts of the organization.
Follow zero trust principles to address insider risk. Following a zero trust approach helps protect data and users while limiting the ability of insiders to use sensitive resources not required by their function.
Build a dedicated function to address insider risk. Since insider risk is a human problem and very sensitive in nature, it requires dedicated resources. These may be part of the security team or, better yet, a separate dedicated function. Either way, this team needs a specific mandate for insider risk and training to recognize and respond to insider threats.
Create processes for your insider risk program and follow them. The sensitivity of insider risk and its associated privacy concerns require that strict policies are implemented and followed. Treat every investigation as if it will end up in court and apply policies consistently.
Implement a comprehensive data security solution. A complete solution goes beyond DLP to include monitoring, advanced analytics, and automated response to prevent unauthorized, accidental, or malicious data access. The technologies you deploy should support the processes you’ve created and the mandate for your insider risk function. Your organization will see cost savings and a reduction of risk from business-impacting security events.