Both business and security leaders are allowing massive insider risk problems to fester in the aftermath of the significant shift to remote work in the past year, according to a Code42 report.
During that same time, 76% of IT security leaders said that their organizations have experienced one or more data breaches involving the loss of sensitive files and 59% said insider threat will increase in the next two years primarily due to users having access to files they shouldn’t, employees’ preference to work the way they want regardless of security protocols and the continuation of remote work. Despite these forces, 54% still don’t have a plan to respond to insider risks.
“Insider risk affects every organization. It is a byproduct of employees getting their work done every day – how they create, access and share files in today’s collaboration culture. However, security teams are at a disadvantage: there is a lack of understanding of insider risk, which is leading to complacency, failing technologies and inadequate processes. The severity of the insider risk problem is being consistently overlooked, evidenced by the sharp rise in risky behavior this year,” said Joe Payne, Code42’s president and CEO.
“Our findings show that organizations are not even measuring the efficacy of their insider risk mitigation programs. Inattention to insider risk management, as demonstrated in this report, will threaten the future of the digital enterprise.”
COVID-19 exacerbated an already growing threat
Prior to the pandemic, cloud-based collaboration technologies and workforce turnover had become major drivers of data exfiltration as insider threat programs were failing to keep pace with today’s digital workplace.
Insider risk is not a new threat vector, but with our new work-from-home normal and rising employee burnout rates, employees are 85% more likely to leak sensitive files now than before COVID-19. And the leaking of sensitive files isn’t just theoretical – since COVID-19, 61% of IT security leaders said their remote workforce was the cause of a data breach.
Additionally, the study found:
- In the past year, 76% of IT security leaders say their organization has experienced one or more data breaches involving the loss of sensitive information contained in files.
- Of those data breaches, the two most common causes were malicious or criminal insiders and employee carelessness, followed by external attacks and system glitches.
Insider risk response plan
Today, IT security leaders say it takes an average of 118 days to identify a data breach and 55 days to contain one – a nearly six-month process. Why is that? 46% of organizations have an insider risk response plan (IRRP). Of those with an IRRP, 71% apply it inconsistently or on an ad hoc basis.
In addition to insufficient response planning, the majority of security tools for insider risk are not adapted to the way we work. 71% of IT security leaders lack complete visibility into sensitive data movement.
The study also found:
- 80% of business decision makers believe they are entitled to or should own the work product they create.
- Insider risk processes are broken in 70% of organizations where the C-suite and board of directors are briefed on insider threats annually, on an ad hoc basis, only when they request it or not at all.
- 40% say they do not regularly – or ever – assess the effectiveness of their technologies in mitigating the insider threat.
- 66% of IT security leaders believe their budget for insider risk is insufficient and 54% of them spend less than 20% of their budgets on insider risk.
Security teams need to mature their capabilities – and DLP is not the answer
Productivity demands are requiring the use of tools that enable speed and collaboration across organizations, but security teams are largely limited in their ability to monitor those tools for risky behavior due to an over-reliance on traditional, blocking technologies.
Security teams are missing the right context for the problem, and instead continue to deploy technologies that block file sharing, inevitably impacting productivity both for employees and security teams. At the same time that trends around remote work are expected to continue, budget for insider risk programs remains a concern.
The study found:
- 59% of IT security leaders say insider threat will increase or increase significantly in the next two years primarily due to users having access to files they shouldn’t, employees’ preference to work the way they want regardless of security protocols and the continuation of remote work.
- Employees are being disrupted while trying to do legitimate work. 51% of IT security leaders receive daily or weekly complaints about mistakenly blocking legitimate employee file activity.
- Files moving from endpoint to cloud services and applications, whether employees are on or off the network, are the biggest insider risk blind spots for security teams.
- 53% of security teams are blind to users moving files to untrusted domains. And 56% of security teams lack historical context into user behavior. In other words, security teams have no idea when an employee may become an insider risk.