According to the results of a new survey by Securonix, the cloud not only makes enterprises vulnerable to insider attacks, it makes those attacks even more difficult to detect. In the 2019 Insider Threat Report, 39% of cybersecurity professionals identified cloud storage and file sharing apps as the most vulnerable to insider attacks. In addition, 56% believe detecting insider attacks has become significantly to somewhat harder since migrating to the cloud. Despite this risk, only 40% of organisations say they monitor user behaviour across their cloud footprint.
The report details the types of insider threats, motivations for insider attacks, which data is the most vulnerable, and identifies which insiders pose the biggest security risk to an organisation – 59% say it’s privileged IT users or admins, followed by contractors/service providers/temporary workers at 52%.
Other key findings of the report include:
- 21% of organisations have experienced more than five insider attacks in the past 12 months
- 70% of organisations confirm insider attacks have become more frequent in the past 12 months
- 68% of organisations feel moderately to extremely vulnerable to insider attacks
- 56% of organisations say their monitoring, detecting and responding to insider threats is only somewhat effective or worse
- The top motivations for insider threat were fraud, monetary gain and IP theft, followed by corporate sabotage and espionage
“Six years ago, the Snowden incident sent a wake-up call to enterprises and government agencies across the globe that risky insiders are a threat hidden in plain sight, but the cloud has exponentially increased the insider threat attack surface,” said Shareth Ben, Insider Threat SME at Securonix.
“The benefits of moving to the cloud are obvious, but along with that comes an increased need for security. It’s not enough to guard the network perimeter because the perimeter has become more porous. Organisations need to take a close look inside, decide what’s most important to them and put in place an insider threat programme that incorporates people, processes and technology.”
The 2019 Insider Threat Report reveals challenges facing organisations, how IT and security professionals are dealing with risky insiders, and how organisations are preparing to better protect their critical data and IT infrastructure. The report is based on a survey of more than 300 cybersecurity professionals.