Dealing with insider threats can be a difficult but essential task. The importance of identity and access management becomes clear when considering the 2020 Insider Threat Report, produced by Gurucul. After surveying 400,000 professionals in the information security industry, the report found that almost half of respondents were unable to remediate insider threats after the data was lost. The Cybersecurity Insiders and Gurucul study found that a lack of visibility into anomalous activity, especially in the cloud, and manual SIEM workloads have increased the risk of insider threats for organisations and prevent many from detecting and stopping data exfiltration.
The study found that 68% of organisations feel vulnerable to insider attacks, while 53% of organisations believe detecting insider attacks has become significantly to somewhat harder since migrating to the cloud. The importance of implementing adequate identity management has never been clearer, as 63% of organisations think that privileged IT users pose the biggest insider security risk. The key factors that companies cite when considering their threat posture are lack of resources (31%) and too many false-positive alerts (22%). These are generally regarded as the biggest hurdles in maximising the value of SIEM technology. Indeed, only about one third of organisations are able to detect anomalous behaviour in NetFlow/packet data (35%), service accounts (39%) and cloud resources (30%).
Highlighting the findings, Craig Cooper, the COO of Gurucul, stated that “insider threats are not limited to employees. They extend to contractors, supply chain partners, service providers and account compromise attacks that can abuse access to an organisation’s assets both on-premise and in the cloud”. Cooper went on to state that a “lack of visibility and legacy SIEM deployments put companies at risk. Insider threat programs that monitor the behaviour of users and devices to detect when they deviate from their baselines using security analytics can provide unmatched detection, risk-based controls and automation”.
More companies should look to deploy tried and tested security-oriented procedures to reduce the chance of insider threats. Implementing a security-first mindset will help corporations navigate the increasingly complicated threat landscape, and hopefully, by the next Threat Report, more organisations will feel confident that they are safe from insider threats.