As breaches continue to cause significant damage to organizations, security consciousness is shifting from traditional perimeter defense to a holistic understanding of what is causing the damage and where organizations are exposed. Although many attacks are from an external source, attacks from within often cause the most damage.
This report looks at how and why insider attacks occur and their implications.
Why focus on insiders? Because they may have unfettered access to sensitive data, as well as the means, methods and motives to access information, virtually undetected. The results of the SANS survey on insider threats show that organizations are starting to recognize the importance of protecting against the insider threat but struggle to deal with it; as one might expect, larger organizations are more likely to have provisions for responding to such threats .
Key findings include:
• Insider threats are on IT’s radar. Almost three-quarters (74%) of respondents are most concerned about negligent or malicious employees who might be insider threats. The FBI and Department of Homeland Security agree that insider threats have increased and that such threats pose a serious risk.1
• Organizations fail to focus on solutions. The pattern of survey respondents recognizing the problem while failing to implement solutions that effectively deal with it does not bode well. This yawning gap between claimed priorities and resources available for budget and planning is a playground for attackers.
• About a third of organizations know they’ve experienced an insider attack. This is only the tip of the iceberg; many insider threats go undetected, and some are only detected by accident.
• Prevention is more a state of mind than a reality. Over 68% of respondents consider themselves able to prevent or deter an insider incident or attack. Half (51%) believe their prevention methods are “effective” or “very effective.” Yet 34% of respondents indicated that they have still suffered actual insider incidents or attacks, some of which were costly.
• The financial impact is significant. Almost one-fifth (19%) of respondents believe that the potential loss from an insider threat is more than $5 million; another 15% valued such loss at $1 to $5 million. Immeasurable costs include brand and reputation damage and related costs not tracked in this survey.
• Spending on insider threats will increase next year. One-fifth (20%) of respondents indicated they will increase their spending on the issue to 7% or more next year, demonstrating more awareness and focus on this area.
2015 Energy Industry Cybersecurity Report
Strategic Cybersecurity: A Toolkit for Prioritizing, Coordinating, and Transforming Your Cybersecurity Program