Insider Threats: UK Businesses Are All Talk And No Action

Insider Threat

Results of a survey suggests that while businesses are growing increasingly aware of the insider threat, they still lack enforceable controls to stop and punish perpetrators. The survey of 1,000 IT professionals, conducted by OnePoll, found that more than a third (36 percent) of IT professionals believe employees would access or steal confidential information, yet 38 percent do not have, or know of, any systems in place to stop employees accessing unauthorised data.

Less than half (48 percent) regularly change passwords to stop ex-employees gaining access and the most commonly used deterrent is the threat of disciplinary action (64 percent). However, in a corresponding survey of 200 employees, almost half (47 percent) admitted to having accessed or taken confidential information from the workplace, with 41 percent using passwords and usernames to access data after they had left a company.

Notably, of those who had been caught, a quarter said nothing happened, while 67 percent were spoken to, but no disciplinary action was taken. Even more worrying is that 79 percent claimed their illegitimate actions had never been identified.

It is clear that the risk of rogue insiders is making its way up the corporate agenda; what’s not clear is how organisations are dealing with nefarious employee activity. From a 2013 survey, just 19 percent believed employees would steal data, a number which has nearly doubled in the last year, indicating that businesses are slowly waking up to the realities.

What is baffling is that, despite this, the majority of organisations are still not putting adequate systems in place. Indeed, it is not only staggering that such a large number of employees have never been caught accessing confidential data, but that those who have been have often got away with it scot free.

What we can take from this is that most organisations still have very little idea of what is happening across their networks. Even when faced with daily reports of internal security threats, such as the recent Target breach, as well as government initiatives to increase awareness, businesses are still inclined to turn a blind eye. At a time when the threat landscape is so vast and the repercussions are so big, this is simply unforgivable.

While more IT pros cite the insider threat as a bigger security risk (31 percent) than external threats (29 percent), the consensus seems to be that not enough importance is being placed on containing it, with 37 percent feeling like their business could do more to safeguard information from employees. Considering that a third also have no idea whether or not they have suffered a breach before, there is still a long way to go.

It is astounding that a third of IT professionals cannot say whether or not their organisation has ever suffered a breach – surely this knowledge should be the bare minimum? Without knowing what happened yesterday, businesses have little hope of protecting their networks today. Businesses clearly need to increase the level of visibility that they have into their networks in order to spot any questionable activity.

By tracking every single event that occurs within the IT infrastructure – both from internal and external sources – and defining ‘normal’ behaviour for users and systems, organisations will be able to identify and remediate any breaches as soon as they occur. Only by acquiring this in-depth knowledge and strengthening access control strategies, will businesses be able to truly defend themselves.

I encourage organisations to make better use of the machine data generated throughout an enterprise so that potential threats can be identified before they have a chance to escalate.

Using security intelligence platforms such as next generation Security Information and Event Management (SIEM) as part of an integrated Protective Monitoring strategy enables automated, centralised collection and analysis of log and machine data that ensures anomalies are identified as they occur. Developing this deep insight requires the ability to see even minor changes that may occur across the IT estate, such as files being altered or copied to portable storage devices.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone
Ross Brewer

Ross Brewer brings to over 22 years of sales and management experience in high tech and information security. Prior to joining LogRhythm, he was a senior executive at LogLogic where he served as vice president and managing director EMEA. Ross has held senior management and sales positions in Europe for systems and security management vendor NetIQ and security vendor PentaSafe (acquired by NetIQ). He was also responsible for launching Symantec’s New Zealand Operations.