Research suggests that over half of businesses can’t spot cybersecurity threats signs, like a malicious insider preparing to steal data or launch a cyberattack.
Most businesses are having a hard time trying to identify and detect early indicators, that could suggest an insider is plotting to carry out cyberattacks, like stealing data.
According to the Ponemon Institute and cybersecurity company DTEX Systems, over half of companies find it very difficult to prevent insider attacks.
Cybersecurity threats signs can come in a number of forms, ranging from employees who plan to take confidential data when they leave for another job, to those who are actively working with cyber criminals, potentially even to lay the foundations for a ransomware attack.
In many cases, an insider preparing to carry out an attack will follow a set pattern of activities including reconnaissance, circumvention, aggregation, obfuscation, and exfiltration, all of which could suggest something is malfunctioning.
Lacking of effective monitoring controls and practices, make businesses struggling to detect the indicators of insider threat.
The vast majority of security threats follow a pattern or sequence of activity leading up to an attack, and insider threats are no exception,” said Larry Ponemon, chairman and founder of the Ponemon Institute.
One of the key reasons insider threats aren’t being detected is because of confusion around who is responsible for controlling and mitigating risks. While 15% of those surveyed suggested that the head of the business is responsible, 15% suggested that nobody has ultimate responsibility in this space – meaning that managing and detecting the risks and threats can fall between the cracks.
Over half of businesses cite lack of in-house expertise in dealing with threats, while just under half say there’s a lack of budget, and the shift to remote working has also made it harder to mitigate cybersecurity risks.
According to Ponemon and DTEX, the best way for companies to improve their ability to detect insider threats is to improve the security posture of the business, as well as designating a clear authority for controlling and mitigating this risk – one that can investigate activities that could suggest a potential insider attack.
In SOS Support, We provide fully-managed, outsourced IT services to companies under 50 computers, supplemental IT support for larger companies (100-250 computers), and peace of mind for all our customers. SOS|Support will strengthen your business security systems, saving you time and money.
Organizations need to take a human approach to understanding and detecting insider threats, as human elements are at the heart of these risks.