The more things change, the more they stay the same. While the nature of the technology employees use has dramatically changed over recent decades – from immovable desktops connecting to internal networks to iPads and netbooks with the ability to work anywhere — insiders and employees have remained among the greatest risks. According to the 2018 Netwrix Cloud Security Report, which consists of a survey of 853 various-sized organizations, industries and geographical locations. All organizations are public or hybrid cloud users.
According to the survey, 45 percent of organizations perceive their own employees to be the biggest security risk. Even though the majority of attacks they experienced over the year were external, organizations blame their own IT staff, 39 percent, and business users 33 percent, as much as or more than their cloud providers which is 33 percent. "Although most actual security attacks were external, cloud customers mostly blame their own users for incidents in the cloud and see them as the biggest threat to security,” said Michael Fimin CEO of Netwrix in a statement.
Fimin explained that even if insiders are not malicious, they still can unwittingly help attackers get into the environment, whether due to a lack of knowledge about risks, negligence or mistakes.
Further, organizations do not perceive themselves as being ready to address the insider threat because they have only partial visibility into activity in their IT infrastructures, a situation that has not changed much since 2016. The share of organizations that have complete visibility into the activity of IT staff sits at 28 percent, business users 17 percent, third parties with legitimate access, 12 percent, and providers, 9 percent, is low and needs to be improved.
Here are some other key findings in the report:
As Jai Vijayan wrote in his Dark Reading story, Insider Threat Fear Greater Than Ever, Survey Shows, despite ever-increasing spending on monitoring data access, organizations remain vulnerable to insider risks. “In a survey of 508 security professionals conducted for Haystax Technology by LinkedIn’s Information Security Community and Crowd Research Partners, 74% of the respondents say their organizations are vulnerable to insider threats. That's a 7% increase from last year's survey by the groups conducting the research,” Vijayan wrote.
“Nearly 60% of the respondents in the Haystax survey point to inadequate data protection strategies as contributing to an increase in insider threats. The increasing number of devices with access to sensitive data, and the increasing use of mobile devices to store and access sensitive data, are also considered major factors to the increase in insider threats,” he wrote.
The Haystax survey also found that 56 percent reported that insider threat events are now more frequent than the previous year.
George V. Hulme is an internationally recognized information security and business technology writer. For more than 20 years Hulme has written about business, technology, and IT security topics. From March 2000 through March 2005, as senior editor at InformationWeek magazine, he covered the IT security and homeland security beats. His work has appeared in CSOOnline, ComputerWorld, Network Computing, Government Computer News, Network World, San Francisco Examiner, TechWeb, VARBusiness, and dozens of other technology publications.View all posts
Don’t miss out on exclusive content and exciting announcements!