One of the biggest problems with insider threats is the delay in detection, says a new report.
Along with detection, managing and fighting insider threats is challenging, especially with a tight budget and insufficient tools. According to the Bitglass 2020 Insider Threat Report, the average cost of remediating an attack ranges from $100,000 to $2 million. Even if the costs are under $100,000, they can add up in the face of multiple attacks.
As more employees now work from home, the likelihood of insider threats that lead to data loss, business slowdowns, legal liabilities, and reputation damage has increased.
Typically, insider threats come from angry or careless current employees, or former employees who still have access to company networks. Most of the time, it takes around a week to detect an insider attack and more than a week to recover from it.
The report found that the loss of critical data and the disruption to business operations were the top consequences of insider attacks, followed by brand damage, the costs of remediation, loss of revenue, loss in market valuation, and noncompliance with regulations.
According to the survey, half of the respondents found it difficult to detect insider threats after their organization migrated to the cloud. The majority of them said they cannot guarantee that they can detect insider threats coming from the personal devices of employees. For threats to be discovered, those devices need to be on-premises or run specific software.
Here are a few measures organizations can take to combat insider threats.
- Foster real-time data loss prevention capabilities, like digital rights management, that can prevent data leakage.
- To identify suspicious departures from the norm, use user and entity behavior analytics, which uses machine learning to baseline user behavior.
- Bolster MFA for users in unusual locations and especially for those who are engaging in unusual activities.
- Apply cloud encryption to sensitive files and fields to keep confidential or regulated data safe from insider threats.
- With BYOD on the rise, companies can go with agentless deployment modes that don’t require software installations on endpoints.
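
The baselining measure in the list above, as an added example (not from the report or from Bitglass): it scores each user's daily download count against that user's own history with a median/MAD statistic, a simple statistical stand-in for the machine-learning models the list mentions. The event data, field layout and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data (not from the report): (user, day, files_downloaded).
EVENTS = (
    [("alice", d, n) for d, n in enumerate([12, 9, 14, 11, 10, 13, 12, 240])]
    + [("bob", d, n) for d, n in enumerate([200, 180, 220, 210, 190, 205, 215, 230])]
    + [("carol", d, n) for d, n in enumerate([0, 0, 0, 0, 0, 0, 0, 3])]
)

def robust_score(history, value, floor=1.0):
    """Modified z-score of value against history, using median and MAD.

    The floor keeps a near-constant history (MAD of 0) from turning a
    tiny change into an enormous score.
    """
    med = median(history)
    mad = median(abs(x - med) for x in history)
    return 0.6745 * (value - med) / max(mad, floor)

def flag_departures(events, min_history=5, threshold=3.5):
    """Return (user, day, count, score) for days far above the user's own norm."""
    per_user = defaultdict(list)
    alerts = []
    for user, day, count in sorted(events, key=lambda e: (e[0], e[1])):
        history = per_user[user]
        # Score only once there is enough history to call it a baseline.
        if len(history) >= min_history:
            score = robust_score(history, count)
            if score > threshold:
                alerts.append((user, day, count, round(score, 1)))
        history.append(count)
    return alerts

if __name__ == "__main__":
    for alert in flag_departures(EVENTS):
        print("departure from baseline:", alert)
```

Bob's 230 downloads pass because that volume is normal for Bob, while Alice's 240 is flagged against her baseline of about 12; a single global threshold would get both cases wrong.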
A Gartner report from earlier this year found that by 2023, 60% of large enterprises will have well-defined incident response scenarios for insider threats, 20% up from the current state. It is essential for organizations to identify potentially risky behaviours and map them against potential solutions. The mitigations may differ by organization; however, common scenarios like installing unsanctioned software, failed password attempts, and attempts to access other employees' accounts will remain the same.
Lastly, enterprises should not overlook past insider threats, as reviewing them helps in testing and refining incident response preparation and readiness. It can help companies create a playbook of use cases and implement incident management process improvements for future incident indicators. Other challenges in insider threat management are a lack of sufficient budget, talented staff, and the right security tools.