Almost three quarters of the 650+ international IT professionals Gurucul canvassed said they are vulnerable to insider threats, and ranked user error (39%) and malicious insiders (35%) ahead of account compromise (26%) as their leading concern.
Small enterprises reported being least vulnerable, while manufacturing companies led all sectors for being exceedingly vulnerable. Meanwhile, nearly half of them said they can’t detect insider threats before data has left the organization.
“Insider threats have emerged as the leading concern for companies of all sizes because they are so difficult to detect and have the potential to inflict the greatest damage to an organization,” said Saryu Nayyar, CEO of Gurucul.
“This explains why more than 60% of the companies surveyed are focused on detection and prevention.”
Highlights of the report
At the RSA Conference 2019, the company conducted an Insider Threat Survey of 671 international IT professionals, which spanned small, medium and large organizations in a range of industries.
Some of the highlights include:
- 72% of respondents said they were somewhat or exceedingly vulnerable to insider threats, while 18% said they were not vulnerable and 10% did not know
- The manufacturing sector is the most vulnerable to insider threats with 16% reporting they were exceedingly vulnerable, followed by healthcare at 10%
- The leading insider threat was cited as user error (39%), followed by malicious insiders (35%) and account compromise (26%). This varies by industry: technology sector respondents reported that malicious insiders are their top concern, retail cited user error, and financial services and healthcare said it was account compromise
- Top insider threats also differ by company size: small (user error), medium (user error and malicious insider) and large (malicious insider)
- When it comes to detecting insider threats, 34% of respondents said they are able to detect threats in real time, 26% before data exfiltration, 27% after exfiltration and 13% can’t detect insider threats
- The majority of companies (61%) said they are focusing on detection and prevention of insider threats, with 39% saying they are focused on prediction and response
- Most organizations (61%) are monitoring users and devices to detect insider threats, while only 39% are monitoring privileged and service accounts
- False positives are the biggest hurdle in maximizing the value of SIEMs.