Businesses take little action to mitigate the insider threat
While businesses are growing increasingly aware of the insider threat, they still lack enforceable controls to stop and punish perpetrators. A LogRhythm survey of 1,000 IT professionals found that more than a third (36 percent) of IT professionals believe employees would access or steal confidential information, yet 38 percent do not have, or know of, any systems in place to stop employees accessing unauthorized data.
Surprisingly, less than half (48 percent) regularly change passwords to stop ex-employees gaining access and the most commonly used deterrent is the threat of disciplinary action (64 percent).
However, in a corresponding survey of 200 employees, almost half (47 percent) admitted to having accessed or taken confidential information from the workplace, with 41 percent using passwords and usernames to access data after they had left a company. Notably, of those who had been caught, a quarter said nothing happened, while 67 percent were spoken to, but no disciplinary action was taken. Even more worrying is that 79 percent claimed their illegitimate actions had never been identified.
“While it is clear that the risk of rogue insiders is making its way up the corporate agenda, what’s not clear is how organizations are dealing with nefarious employee activity,” said Ross Brewer, vice president and managing director for international markets at LogRhythm.
“In LogRhythm’s 2013 research, just 19 percent believed employees would steal data, a number which has nearly doubled in the last year, indicating that businesses are slowly waking up to the realities. What is baffling is that, despite this, the majority of organizations are still not putting adequate systems in place. Indeed, it is not only staggering that such a large number of employees have never been caught accessing confidential data, but that those who have been have often got away with it scot free,” added Brewer.
“What we can take from this is that most organizations still have very little idea of what is happening across their networks,” continued Brewer. “Even when faced with daily reports of internal security threats, such as the recent Target breach, as well as government initiatives to increase awareness, businesses are still inclined to turn a blind eye. At a time when the threat landscape is so vast and the repercussions are so big, this is simply unforgivable.”
While more IT professionals cite the insider threat as a bigger security risk (31 percent) than external threats (29 percent), the general consensus seems to be that not enough importance is being placed on containing it, with 37 percent feeling like their business could do more to safeguard information from employees. Considering that a third also have no idea whether or not they have suffered a breach before, it appears there is still a long way to go.
“It is astounding that a third of IT professionals cannot say whether or not their organization has ever suffered a breach – surely this knowledge should be the bare minimum? Without knowing what happened yesterday, businesses have little hope of protecting their networks today,” continued Brewer. “Businesses clearly need to increase the level of visibility that they have into their networks in order to spot any questionable activity. By tracking every single event that occurs within the IT infrastructure – both from internal and external sources – and defining “normal’ behavior for users and systems, organizations will be able to identify and remediate any breaches as soon as they occur. Only by acquiring this in-depth knowledge and strengthening access control strategies, will businesses be able to truly defend themselves.”