Report: More Than Half of Organizations Have Experienced an Insider Threat in the Past Year

Report: More Than Half of Organizations Have Experienced an Insider Threat in the Past Year

  • Feb 06, 2023

Gurucul, a provider of solutions in the Next Generation SIEM market, and Cybersecurity Insiders, a 600,000+ member online community for information security professionals, recently released its annual 2023 Insider Threat Report. Overall, results indicate insider threats are a top concern at organizations of all kinds; only 3% of respondents surveyed are not concerned with insider risk.

With responses from more than 325 cybersecurity professionals, the report explores the latest trends and challenges organizations are facing as they work to adapt to changing insider threats, and how organizations are preparing to better protect critical data and IT infrastructure.

The report found that organizations have never felt more vulnerable with three-quarters of respondents saying they feel moderately to extremely vulnerable to insider threats – an increase of 8% over the previous year. This rise in perceived vulnerability coincides with a significant increase in insider attacks as 74% of organizations report that attacks have become more frequent (a 6% increase over last year), with 60% experiencing at least one attack and 25% experiencing more than six attacks.

Organizations are also struggling with insider threats in the cloud and often don’t have the necessary technical capabilities in place to detect and prevent them. Almost all organizations (87%) consider unified visibility and control across all apps, devices, web destinations, on-premises resources, and infrastructure to be moderately to extremely important. However, less than half (48%) monitor for unusual behavior across their cloud footprint and the web. Furthermore, over half of respondents said that detecting insider threats is harder in the cloud and that uptime and performance of tools like SASE and CASB is vital to success.

“This report sheds light on some of the most interesting insider threat challenges facing organizations today. While it shows that 86% are using some sort of solution to monitor user behavior in some way, it was surprising to see that access logging was the primary method, and that only 25% are using automated tools to monitor user behavior 24×7,” said Saryu Nayyar, Gurucul CEO. “The types of monitoring and analytics used to detect insider threats vary widely between organizations. This highlights the need for better tools and processes to analyze data behavior, user behavior, access and movement across a network both internally and externally to detect and prevent insider attacks.”

Some additional key stats from the report include:

  • The top factors that make timely detection and prevention of insider attacks difficult include trusted insiders that already have credentialed access to apps, networks, and services (54%), the increased use of SaaS apps that can leak data (44%), and an increase in personal device use with access to corporate resources (42%).
  • Among all potential insiders, cybersecurity professionals are most concerned about IT users and admins with far-reaching access privileges (60%). This is followed by third-party contractors and service providers (57%), regular employees (55%), and privileged business users (53%).
  • The rising threat of insider attacks is a strong driver for organizations to implement formal insider risk programs. 39% of organizations already have an insider threat program in place. Another 46% are planning to add insider threat programs in the future – a rise of 5% over the prior year.
  • The shift to hybrid and remote work has aggravated insider risk. 68% of security pros are concerned or very concerned about insider risk considering a post-Covid return to the office or a permeant hybrid work model.
  • Compromised accounts/machines are the most concerning type of attack at 77%, but inadvertent and negligent data breaches were more concerning than malicious breaches. It’s a good reminder that user errors and accidental policy violations can be just as harmful as malicious ones.

“The threat landscape has changed significantly over the last year as organizations recalibrate to new hybrid work models, as access to cloud apps increases, and as economic uncertainty drives insider risks to new levels,” said Holger Schulze, CEO and Founder of Cybersecurity Insiders. “This report is designed to take the pulse of security professionals that are in the trenches working to mitigate insider threats and give readers a better understanding of the challenges we all face across the industry.”

Featured

  • Bringing New Goods to Market

    The 2024 version of GSX brought with it a race to outrun incoming hurricane Helene. With it’s eye on Orlando, it seems to have shifted and those security professionals still in Orlando now have a fighting chance to get out town. Read Now

    • Industry Events
    • GSX

  • Live from GSX 2024: Day 3 Recap

    And GSX 2024 in Orlando, is officially in the books! I’d like to extend a hearty congratulations and a sincere thank-you to our partners in this year’s Live From program—NAPCO, Eagle Eye Networks, Hirsch, and LVT. Even though the show’s over, keep an eye on our GSX 2024 Live landing page for continued news and developments related to this year’s vast array of exhibitors and products. And if you’d like to learn more about our Live From program, please drop us a line—we’d love to work with you in Las Vegas at ISC West 2025. Read Now

    • Industry Events
    • GSX

  • Live from GSX 2024: Day 2 Recap

    Day 2 was another winner at GSX 2024 in Orlando. Aisles and booths were packed with attendees looking at some of the new and latest security technology. Remember to follow the GSX Live page from Security Today, as well as SecurToday on X and Security Today on LinkedIn to find out more about what’s happening on the show floor during tomorrow’s final day. Here’s what was happening with all four of our partners during the event on Tuesday. Read Now

    • Industry Events
    • GSX

  • How Much Carbon is Your Footprint Leaving?

    A more sustainable future is not only shared responsibility, it is increasingly critical. Securitas, is inviting clients and industry partners to make a difference in an ever-evolving world that faces diverse sustainability challenges. Read Now

    • Industry Events
    • GSX
Most   Popular

Featured Cybersecurity

Webinars

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3