A new study has found that more than half of organizations believe detecting insider threats is harder following migration to the cloud.
The 2020 Insider Threat Report published today found that a lack of visibility into anomalous activity, especially in the cloud, and manual SIEM workloads have increased the risk of insider threats for organizations and prevent many from detecting and stopping data exfiltration.
The annual report was produced with the support of Gurucul by Cybersecurity Insiders, the 400,000-member community of information security professionals, to explore how organizations are responding to evolving security threats.
Key findings are that 58% of organizations consider their monitoring, detecting, and response to insider threats somewhat effective or worse, and 53% believe that detecting insider attacks has become significantly to somewhat harder since migrating to the cloud.
Nearly half of the companies surveyed for the report admitted that they are unable to remediate insider threats until after data loss has occurred.
Although 68% of organizations indicated that they felt vulnerable to insider attacks, 17% admitted having no visibility whatsoever into user behavior within core applications.
The most popular method for monitoring user behavior within core applications was via server logs, which were used by 46% of companies surveyed for the report. In-app audit systems/features were used by 31%, and 33% said that they had conducted user-activity monitoring.
The majority of organizations—87%—found it moderately difficult to very difficult to determine the actual damage of an insider attack, though the most common estimate, given by half of the organizations surveyed, was that an insider attack would cost less than $100,000.
As for identifying the sources of threats, 63% of organizations think that privileged IT users pose the biggest insider security risk.
“Insider threats are not limited to employees. They extend to contractors, supply chain partners, service providers and account compromise attacks that can abuse access to an organization’s assets both on-premise and in the cloud,” said Craig Cooper, COO of Gurucul.
“Lack of visibility and legacy SIEM deployments put companies at risk. Insider threat programs that monitor the behavior of users and devices to detect when they deviate from their baselines using security analytics can provide unmatched detection, risk-based controls and automation.”