Are Insider Mistakes the Biggest Threat to Organizations?


Keeping ahead of cybercriminals can be overwhelming. New threats come online every day, with roughly 350,000 new malware samples discovered daily, according to AV-TEST. Beyond that, there are new variations on older attacks, such as fraud attempts using recordings to mimic someone’s voice, or ransomware leaving other malware behind after you remove the initial infection. However, some of the biggest risks currently may come from insiders making simple errors.

Recently, SolarWinds released the results of a survey conducted in partnership with the International Data Corporation (IDC). The research sought to gather insight into the security practices of businesses in both North America and Europe. Below are some key findings.

1. 62% said insider mistakes were the top cause of security incidents

Many businesses focus on defending against external threats. As cybercriminals increasingly share their tools with a wider community, more people can act maliciously than ever before. A single breach can be catastrophic to a business, potentially leading to lost customers, deleted data, or burdensome compliance fines.

Respondents claimed simple insider mistakes were the biggest security risks; additionally, more than half claimed regular employees—not privileged users—posed the greatest risk. This finding makes sense, since many regular employees won’t be as security-conscious as the IT or security team. To deal with this, try to offer your customers security training and consistently reinforce best practices. The last thing you want is a client shooting themselves in the foot and pointing the finger at you as the service provider.

2. 40% are adopting threat intelligence to keep up with threats

Even though insiders represent the biggest threat, businesses still need protection against external threats—especially emerging ones. Indeed, the findings of the report show that businesses increasingly use threat intelligence services to stay ahead of cybercriminals.

But businesses should use threat intelligence the right way. Implementing threat intel on a regular basis can be challenging; teams often get stretched too thin, leaving them little time to keep up with threat intelligence. To get around this, choose security tools that simplify the process by integrating threat intelligence into the product itself. This way, your team won’t have to go hunting or rely on memory when an incident occurs—they’ll have what they need at their fingertips.

3. Only 32% use endpoint protection and 27% use patch management to prevent threats

Unfortunately, far too few businesses practice the fundamentals. Patching is security 101—if you can’t keep up with it, you’re asking for trouble. And with the number of threats that evade traditional antivirus, like fileless malware or malicious documents, businesses need to upgrade their security stack to include AI-driven endpoint protection.

4. Only 28% can conduct forensic analysis after an incident

Post-incident analysis is critical for improving your customers’ security postures. Once an incident happens, you need to find the infection point and understand what vulnerabilities led to the incident. If you can’t, you leave your customers open to another attack.

As a service provider, look for tools to help you quickly get to the root cause of an issue and develop steps to prevent a second attack. If an incident occurs, showing you’re on the case and will protect customers in the future can go a long way in illustrating your value as a provider.

SolarWinds Threat Monitor

SolarWinds Threat Monitor is a cloud-based SIEM tool designed to help you detect and deal with threats to your customers—whether due to external threat actors, malicious insiders, or employee mistakes. It includes a sophisticated, configurable alarm system designed to alert you to potential threats, and it comes with built-in threat intelligence, so your team has up-to-date information when responding to these alarms. Plus, with extensive, elastic searching, your team can conduct investigations after incidents to help prevent these attacks in the future.

You can test drive SolarWinds Threat Monitor by trying an interactive demo today.

Guest blog courtesy of SolarWinds MSP.