According to Cybersecurity Insiders’ recent 2024 Insider Threat Report, 83% of organizations reported at least one insider attack in the last year. Even more surprising, the share of organizations that experienced 11-20 insider attacks increased fivefold compared with 2023, moving from just 4% to 21% in the last 12 months.
With insider threats on the rise, it’s critical for businesses to recognize the real dangers that originate from inside their digital ecosystem while putting into practice effective threat management strategies to address them.
The rising concern of insider attacks
As businesses readily adopt hybrid cloud working models and next-generation technologies, the complexity of insider risk management has risen. Cybersecurity Insiders recently surveyed 413 IT and cybersecurity professionals to better understand where and how insider threats impact their organizations.
Surprisingly, the rate of insider threat incidents has grown considerably year-over-year, with 48% of respondents reporting that they’re contending with a much more prevalent problem in just the last 12 months. In reviewing the reasons behind this escalation, Cybersecurity Insiders identified four primary culprits:
- Complicated IT environments: The support of remote and hybrid working models, in addition to wide-scale cloud adoption by modern businesses, has created more intricate operational structures that are harder to manage and control.
- Inadequate security measures: Many businesses struggle to stay up-to-date with the latest security best practices and still rely on outdated protocols to protect their digital assets.
- Lack of employee training and awareness: Not all insider threats are malicious. In fact, most employees are simply not trained well enough to stay aware of the risks they can introduce into the business or to play an active role in preventing insider threats.
- Weak enforcement policies: Although 93% of respondents in the report said that strict visibility and control were important factors for them, only 36% actually had an effective solution in place for unified visibility and access control.
Breaking down the actual costs associated with insider threats
While many security teams understand the security implications of insider threats, the full scope of their financial repercussions isn’t always recognized. Cybersecurity Insiders’ report dug deeper into these factors, and the results are quite revealing.
For 32% of the organizations that dealt with insider threats in the last year, the cost to fully recover averaged between $100,000 and $499,000. While this was the most common response received, 21% of respondents reported much steeper costs, ranging between $1 million and $2 million.
These statistics only represent the quantifiable costs associated with insider threat remediation. They don’t consider the additional losses businesses can experience when factoring in the damage these attacks cause to their reputations and the loss in customer trust that comes with it.
Best practices for improving insider threat management
Considering the negative implications that insider threats have for organizations, it’s important to implement effective best practices to minimize exposure. These include:
Advanced monitoring solutions
Insider threats are often much more difficult to detect than external attacks. Due to this fact, it’s important to invest in more advanced monitoring solutions such as User and Entity Behavior Analytics (UEBA). These tools use machine-learning algorithms and behavioral analytics to monitor user activity while flagging anomalies to assist security teams with early warnings of potential insider threat activity.
Non-IT data sources
Incorporating non-IT data sources into your threat management platforms helps broaden the intelligence of enabled security solutions. For example, by adding information such as legal data, HR records and other public data sources, you can get a more complete view of potential insider threats that could emerge.
These data sources could comprise employee performance reviews and disciplinary actions or other publicly sourced information on social media. All of this information helps with early detection and can considerably lower risk ratios.
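The two ideas above, per-user behavioral baselining and enrichment with non-IT context, can be sketched as follows. This is an added example, not code from the report or from any UEBA product; the activity data, HR flag names, weights and alert threshold are all constructed assumptions.

```python
from statistics import mean, pstdev

# Constructed sample data: daily MB downloaded from a file share, per user.
HISTORY = {
    "alice": [120, 135, 110, 128, 140, 125, 131],
    "bob":   [300, 280, 310, 295, 305, 290, 315],
    "carol": [40, 55, 38, 47, 52, 44, 50],
}
TODAY = {"alice": 138, "bob": 420, "carol": 70}

# Constructed non-IT context (hypothetical HR feed): flag -> score multiplier.
HR_WEIGHTS = {"resignation_notice": 2.0, "disciplinary_action": 1.5}
HR_FLAGS = {"carol": ["resignation_notice"]}

ALERT_THRESHOLD = 6.0  # assumed tuning value, not taken from the report


def zscore(history, value, min_std=1.0):
    """Deviation of a value from the user's own baseline, in standard deviations."""
    mu = mean(history)
    sigma = max(pstdev(history), min_std)  # floor avoids division by zero on flat baselines
    return (value - mu) / sigma


def risk_score(user, value):
    """Behavioral anomaly score, scaled by any HR context recorded for the user."""
    z = max(zscore(HISTORY[user], value), 0.0)  # only unusually high activity counts
    weight = 1.0
    for flag in HR_FLAGS.get(user, []):
        weight *= HR_WEIGHTS.get(flag, 1.0)
    return z * weight


def alerts(today=TODAY, threshold=ALERT_THRESHOLD):
    """Users whose enriched score crosses the threshold, highest score first."""
    scored = [(u, round(risk_score(u, v), 2)) for u, v in today.items()]
    return sorted([s for s in scored if s[1] >= threshold], key=lambda s: -s[1])


if __name__ == "__main__":
    for user, score in alerts():
        print(f"{user}: risk {score}")
```

In this sample, bob is flagged on behavior alone, while carol's deviation stays below the threshold until the HR context is applied, which is the early-detection effect the non-IT data is meant to provide.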
Automated threat detection and response
With many organizations quickly scaling their digital reach, manual threat detection and response have become highly inefficient. Automated response tools have become an essential asset to help businesses analyze large streams of data, identify potential threats and accelerate response times.
In addition to on-premise security solutions, Threat Detection and Response (TDR) services can significantly improve a business’s cybersecurity hygiene. With immediate access to the latest tools and highly trained teams, TDR services can strengthen security defenses.
Zero trust frameworks
Strict access control is essential to limit the potential for insider threats to persist. Adopting a zero trust security model reduces organizational exposure by assuming all users and devices in or outside a company network are potential threats. This ensures that every access attempt is thoroughly vetted and restricts the ability of malicious insiders to maintain unauthorized access to sensitive systems and networks.
Employee training and awareness
A common area of concern for the companies listed in Cybersecurity Insiders’ recent report is employee training, with 32% of respondents admitting that lack of awareness was a major contributor to an attack. It’s important to continuously educate staff on the dangers of insider threats and teach them how to identify and report suspicious activities.
Creating a security-conscious culture
It’s important to set the right tone for the entire organization when it comes to cybersecurity planning. To achieve this, company leadership should be actively involved in helping to prioritize threat management across all departments while leading by example. This ensures that everyone has shared accountability when it comes to avoiding internal and external threats.
Regular security audits and assessments
In order to ensure the solutions and practices you’re putting into place are effective, regular security audits and assessments are critical. These comprehensive evaluations should review everything from security policies and access controls to the effectiveness of any incident response plans actively in place.
Incident response planning
Organizations should always be prepared for the worst-case scenario and have a well-defined incident response plan in place. Considering that the last report by Cybersecurity Insiders shows most impacted businesses are still unsure about their recovery times, it’s more important than ever to have clearly outlined procedures for remediating attacks.
Stay ahead of the insider threats
As insider threats continue to escalate each year, it’s critical for organizations to take active steps in their prevention. By following the best practices outlined and building more internal awareness regarding these ongoing threats, businesses can ensure they maintain a resilient cybersecurity posture.