Insider Threats Cost Enterprises Up to $2M Per Incident, New Report Says
While nation-state and domestic hackers grab the headlines for threats to enterprise cybersecurity, a “considerable amount of data leakage” comes from insiders, security provider Bitglass said in a new report.
Inside jobs, whether from bad actors within an enterprise who heist proprietary information for profit or careless employees who unintentionally compromise sensitive data, the cost to businesses can add up quickly with multiple incidents, the Campbell, California-based cloud security specialist said in its 2020 Insider Threat Report. Nearly one-third of IT and security professionals in its survey said the average cost of a single insider attack ranges from $100,000 to as much as $2 million. Among those surveyed, more than 60 percent reported at least one insider attack at their enterprise in the last 12 months while 22 percent reported at least six incidents.
“Disgruntled or careless employees as well as hackers who gain access to valid credentials can do massive damage to an enterprise,” Bitglass wrote in the report. “Consequently, IT and security teams are forced to balance budgetary and business concerns with the need for comprehensive data and threat protection.”
Here are some survey highlights (by percentage of respondents):
On data and the cloud.
54%: Customer data is most vulnerable to insider attacks, which makes sense given the compliance and privacy concerns associated with personal information and bad actors who want to sell it for profit. Only 4% said partner data is at risk.
50%: Firms find it harder to detect insider threats after migrating to the cloud. Traditional on-premises tools don’t translate well to the cloud.
On the impact of insider attacks.
38% each: Loss of critical data and disruption to business operations are the biggest impact of of insider attacks, followed by damage (24%), legal liabilities (20%), and loss of revenue (18%).
61%: Suffered an insider attack in the last 12 months; 22% reported at least six.
On detection and recovery.
49%: Detect insider attacks at least a week afterwards.
44%: Take another week or more to recover.
On security finances.
32%: The average cost of remediation after an insider attack is $100,000 to $2 million.
73%: Security budgets are staying flat (57%) or decreasing (16%) next year.
On security challenges.
81%: Difficult to assess the impact of insider attacks. The top three barriers to better insider threat management are lack of budget (61%), lack of staff (41%) and lack of tools (38%).
On consistent visibility and control.
6%: Have a single product/dashboard that delivers completely unified visibility and control wherever data goes.
33%: Multiple but integrated products provide unified visibility and control wherever data goes.
60%: Lack unified or comprehensive security and must manage multiple, disjointed solutions with varying levels of protection.
On threats for personal devices.
82%: Organizations cannot guarantee they can detect insider threats from personal devices.
50%: Organizations don’t have visibility into messaging and file sharing apps on BYO endpoints.
3%: Organizations that can block personal device access altogether.
On securing solutions.
- Many enterprises need multi-faceted security solutions that provide items like the following:
- User and entity behavior analytics that use machine learning to baseline user behavior and identify suspicious departures from the norm.
- Step-up, multi-factor authentication for users in unusual locations or for those who are engaging in unusual activities.
- Real-time data loss prevention capabilities like digital rights management and redaction that can prevent data leakage.
- Cloud encryption for sensitive files and fields in order to keep confidential or regulated data safe from prying eyes.
- Agentless deployment modes that don’t require software installations on endpoints; critical for BYOD security.