Fifty-eight percent of sensitive data security incidents are caused by insider threats, according to a recent study by Forrester Research. Insider threats originate from inappropriate use of legitimate authorized user accounts. These accounts – assigned to internal employees and business associates – are either misused by the rightful owner or leveraged by an external threat actor that has navigated through perimeter controls.
The late 2021 Forrester Research paper, commissioned by Imperva, is titled Insider Threats Drive Data Protection Improvements. The goal of the paper was to evaluate how enterprises are protecting data in response to insider threats as part of a larger strategy to manage the growing cyberattack surface more effectively. Information was obtained through a survey of 464 security and IT professionals with responsibility for managing and responding to insider threats.
In this post, we will summarize Forrester’s findings that suggest why this number is alarmingly large. In future posts, we will discuss the costs of insider threats and explain how a simple, unified approach to establishing full data visibility is critical to creating an automated, scalable data protection strategy that closes security gaps in both on-premises and multi-cloud data repositories.
Insider threats are perceived to be less urgent than outsider threats
According to the Forrester report, one of the reasons why insider threats make up a majority of security incidents is that nearly a third (31 percent) of firms do not believe insiders are a substantial threat. Leadership teams acknowledge risks and yet still aren’t promoting an appropriate amount of urgency. This lack of priority has a cascading effect; fewer than 30 percent of firms say they have an insider risk management strategy or policy.
It is understandable that many organizations first focus on perimeter and endpoint. Strong network and endpoint security, combined with vulnerability management lifecycle toolsets and a mature security operations center are key to reducing overall risk. However, with insider events occurring more often than external ones according to the report (58 percent vs. 41 percent), it is clear a richer data security strategy is required.
When asked how they plan to address the number of policy violations, breaches, and compromised credentials, between 29 percent and 37 percent of firms report looking to acquire new security tools to address their current gaps in unauthorized use of credentials. In addition, most decision-makers report using internal resources rather than hiring a third party to assist with security.
Speed of cloud adoption
Another challenge is the rapid migration of workloads to the cloud. 77 percent of Forrester survey respondents say they are moving sensitive data to private clouds over the next two years. This makes sense. The cost-efficient pay-as-you-go models and scalable database capabilities offered by cloud environments make them a sound budget choice for enterprises, albeit one with significant cybersecurity strategy implications. While adopting secure, easy to implement cloud environments improves employee productivity and business efficiency, Forrester reports 44 percent of firms are having trouble protecting sensitive data using existing technology that doesn’t integrate well with cloud enterprise solutions.
Additional data beyond the Forrester study bears out these findings. Gartner predicts that cloud-native platforms will serve as the foundation for more than 95 percent of new digital initiatives by 2025 and Crowd Research Partners reports that 84 percent of enterprises say traditional security solutions don’t work in cloud environments.
Until security can catch up, many enterprises face the reality of slowing or suspending their cloud migration programs. This is not always an option, however. They may realize the risks, but remain complacent as the need to innovate takes precedence.
Users that circumvent security policies
Forrester reports nearly 64 percent of firms studied believe they have the data security solutions and technology in place to scale with their needs. However, the same report finds that 55 percent also say that end users have devised ways to circumvent their data protection policies.
Why do end users circumvent security policies? Here is one scenario. To innovate quickly, DevOps teams and DBAs often need to spin up and take down cloud databases for testing purposes. They may populate testing and search tools with unprotected sensitive data but then forget about it. This unintentional behavior is the reality of operations today and creates serious security risks. To combat this issue today, Forrester reports that 35 percent of firms rely on company security compliance, one-third deploy behavior analytics to detect malicious threats, and nearly half manually monitor or audit employee activity periodically.
Is it enough? A PwC report reveals 30 percent of companies say their employees are their greatest source of security risks. A balance of technology and awareness is likely the right answer. Forrester’s report shows 43 percent of insider security incidents stem from abuse or malicious intent, 39 percent from unintentional misuse or accident, and 18 percent from both. In a 12-month period from late 2020 into 2021, 44 percent of firms experienced more than 10 policy violations.
Why it is critical to address the insider threat imbalance
Attackers that leverage legitimate credentials can be more damaging to data security than outsider threats. Organizations looking to reduce data security risk must be resilient in the face of rapid cloud adoption and users that circumvent security policies. They must also work to change the internal perception that this threat vector is of low urgency and use it as the driver for an improved data protection strategy.
Insider threats are a threat vector that accounts for 58 percent of the sensitive data incidents reported by participants in the Forrester research. Yet only 37 percent of participants report having dedicated insider threat teams. This imbalance represents a significant gap that, when closed, will reduce risk for your organization.
To get a copy of the Forrester report, Insider Threats Drive Data Protection Improvements, click here.