Nearly Half of IT Professionals More Concerned About Insider Threats Than External Threats, With Naive Individuals and Employees Bending the Rules Driving Concerns
Dec 01, 2016
SAN FRANCISCO, CA – Dec 1, 2016 – Despite the perception that hackers are a company’s biggest cybersecurity threat, insiders, including careless or naïve employees, are now viewed as an equally important problem, according to new research from Preempt, pioneer of the industry’s first behavioral firewall.
The survey by Dimensional Research and commissioned by Preempt, titled, “The Growing Security Threat from Insiders,” found that about half (49 percent) of IT security professionals surveyed are more concerned about internal threats than external threats. Malware installed unintentionally by employees was the top concern of respondents, ahead of stolen or compromised credentials, snatched data and abuse of admin privileges.
“Internal threats are emerging as equally as important as external threats, according to respondents. This means that an employee cutting corners to get their job done more efficiently is viewed as potentially just as dangerous as a malicious external hacker,” said Diane Hagglund, founder and principal of Dimensional Research. “Yet these views aren’t reflected in the allocation of security budgets, which is traditionally focused on perimeter security.”
In addition to concerns about insider threats, the report also analyzed cybersecurity training and end user engagement programs. While 95 percent of the companies surveyed provide end user security training, only 10 percent believe the training is very effective.
“Intentional or not, insider threats are real,” says Ajit Sancheti, co-founder and CEO of Preempt. “From Snowden to the FDIC, headlines continue to emerge and we need to take a new approach to get ahead of insider threats. Without real-time prevention solutions and improved employee engagement, these threats will not only increase, but find more sophisticated ways to infiltrate and navigate a network. The future of security practices rely on the ability to not only understand users and anticipate attacks, but also how to mitigate threats as quickly as possible.”
- Insider threats are a growing problem for enterprises
- About half (49 percent) are more concerned about internal threats than external threats.
- Top concerns are malware installed by careless employees (73 percent), stolen or compromised credentials (66 percent), stolen data (65 percent), and abuse of admin privileges (63 percent).
- The majority of security professionals (87 percent) are most concerned about naive individuals or employees who bend the rules to get their job done; only 13 percent are more concerned about malicious insiders who intend to do harm.
- End user engagement is critical to the success of security programs
- While 95 percent provide end user security training, only 10 percent believe the training is very effective.
- 81 percent say end users are willing to learn, but only 25 percent say they are willing to put in the effort to learn.
- 66 percent see value in providing real-time training and feedback when an end user does something they shouldn’t.
- Security teams need additional solutions and approaches to help protect from insider threats
- Only 10 percent describe their security team as lacking necessary skills.
- 64 percent have the skills, but are overworked so can’t respond.
- 91 percent report insiders have access to systems they shouldn’t.
- 70 percent can’t effectively monitor privileged user activities.
The Preempt Behavioral Firewall can detect and prevent insider threats by identifying risky behavior and engages with the user or employee in real-time to validate legitimate or malicious activities. The type of response adapts based on type of threat, user and other key security vectors. This proactive approach, along with greater visibility and insights, helps customers better secure their network and reduce their attack surface.
Survey Methodology and Participant Demographics
This data is based on a survey of 317 IT professionals with responsibility for security. All worked at companies with over 1000 employees. Questions were asked on a wide range of subjects including concerns about insider threats, role of end user engagement in security, and barriers to protecting against insider threats.
Preempt protects enterprises from security breaches and malicious insiders with the industry’s first Behavioral Firewall. This innovative and patented solution couples User and Entity Behavior Analysis (UEBA) and Adaptive Response to provide the most effective solution for both detecting and automatically responding to security threats. This proactive approach allows organizations to preempt threats in real-time without engaging already overwhelmed security teams. The company has its headquarters in San Francisco, CA and development in Israel. Learn more at www.preempt.com.
# # #
Kulesa Faul for Preempt