Only 25% of organizations consider their biggest threat to be from inside the business
A worrying 73.48% of organizations feel they have wasted the majority of their cybersecurity budget on failing to remediate threats, despite having an over-abundance of security tools at their disposal, according to Gurucul.
Only 25% of organizations consider their biggest threat to be from inside the business, despite insider threats increasing by 47% over the past two years. With only a quarter of businesses seeing their biggest threat emanating from inside their organization, it seems over 70% saw the biggest cybersecurity challenges emanating from external threats such as ransomware. In fact, although external threats account for many security incidents, we must never forget to look beyond those external malicious and bad actors to insider threats to effectively secure corporate data and IP.
The survey also found 33% of respondents said they are able to detect threats within hours, while 27.07% even claimed they can detect threats in real-time. However, challenges persist with 33.15% of respondents stating that it still takes their organization days and weeks to detect threats, with 6% not being able to detect them at all.
“Given the sophistication and attack-techniques that threat-actors deploy these days, even the ability to detect threats within hours isn’t fast enough, it still gives attackers plenty of time to gain a stable foothold within an organization’s network,” comments Saryu Nayyar, CEO of Gurucul. “While these statistics are alarming, they aren’t surprising. What is worrying, however, is the number of respondents that don’t feel that insider threats can pose a danger to business. Particularly, with cybercriminal groups targeting individuals to recruit in order to help them gain access to networks. Fact is, 98% of companies are vulnerable to insider threats, and not enough is being done to prevent or protect against them.”
According to the study, 33.15% have spent hundreds of thousands of dollars trying to remediate threats and 15.47% said millions of dollars, demonstrating the extent to which organizations are willing to go to protect themselves against malicious actors. It also hints at the fact that many of these chosen solutions potentially don’t deliver the expected results; reflected in 41.99% believing approximately 50-100% of their budget has been wasted on these efforts.
Nayyar continues, “Despite organizations admitting to this, 28.7% are aware that speed is the key to remediating threats. The faster an organization can identify and address new, emerging and unknown threats, the better protected it will be. This goes hand in hand with automation, which would allow organizations to foster 24/7 incident response, even over holiday periods or staff shortages, cultivating a much more robust cybersecurity culture.”