Majority of enterprises admit they are vulnerable to insider threats

Humans, whether by accident or malice, are still a reason why today's businesses are vulnerable to cyberattack.
Written by Charlie Osborne, Contributing Writer

The majority of enterprise players admit they are vulnerable to insider threats to their networks and a third have already become victims, according to new research.

Insider threats are not always due to malicious, unprincipled employees. While it is possible that such staff members could access corporate data for sale or trade illegally, it is often accidental insider threats which are the source of data breaches -- such as in the case of Snapchat this year, when a cybercriminal posed as the firm's CEO Evan Spiegel in order to dupe HR into handing over staff payroll data.

There are many reasons why insider threats can disrupt a business, including simple human error, falling for fraudulent emails, careless personal security of devices and data, or failing to keep personal devices which access corporate networks secure.

According to Bitglass researchers, despite cybersecurity becoming more of a priority for today's businesses, the threat of insiders is still very much a core problem.

On Thursday, the cybersecurity firm released a new report on insider threats in the enterprise. After surveying over 500 security professionals from enterprise companies, Bitglass said that one in three companies admitted to experiencing a data breach caused by an insider in the past year, and 74 percent still feel vulnerable to insider threats.

Over half of respondents -- 56 percent -- also said that they believe insider threats have become more frequent in the past 12 months.

In total, 71 percent of cybersecurity professionals said they were most concerned with accidents and inadvertent corporate leaks and breaches caused by "risky, unsanctioned" mobile app usage, accidental external sharing of corporate data, and the use of mobile devices which are not fully up-to-date and patched -- which can lead to malicious apps accessing corporate information, surveillance, or spying.

Malicious insiders are also a source of worry for IT professionals, with 61 percent concerned about employees who have an axe to grind or are willing to trade corporate information for their own gain.

In addition, careless security policies implemented by the enterprise make matters worse. If network administrators give employees more access and privileges than they need, attackers can do far more should those accounts be compromised -- and for 60 percent of organizations, it is these privileged users who pose a real threat to security.

A number of respondents also said that cloud and mobile technologies are forcing a rethink of how best to tackle digital security. According to the survey, 62 percent of IT professionals blame a lack of employee training and 57 percent say insufficient data protection solutions are a major cause of data breaches.

Too many devices have access to sensitive data, say 54 percent of respondents, and 48 percent claim that more data than ever leaving corporate network perimeters is also a major cause of information leaks.

"Adoption of cloud and BYOD are positive developments, but organizations that have limited cross-app visibility will struggle to detect anomalous behavior and need to rethink their approach to data security," said Nat Kausik, CEO of Bitglass. "The reality is that cloud apps have made data more readily accessible and insider threats more likely -- it's up to the enterprise to put adequate data controls and policies in place to secure vital data."

In the majority of organizations, employee training, identity management solutions, and data leakage prevention strategies were seen as effective tools to combat insider threats.
