In 2019, insider threats were a pervasive security risk -- too many employees with a lack of security training, easy data access and numerous connected devices. To help you prepare for 2020, we’ve rounded up some 2019 insider attack statistics. Learn which insider attacks were most popular, the cost to fix their damage and best practices for insider threat management.
How Many Insider Attacks Happened in 2019 and Why
A 2019 Insider Threat Report from Cybersecurity Insiders surveyed 400,000 members. Of those thousands, 70% said they’re seeing attacks more frequently and 60% said they’d experienced at least one attack within the past year. Why is the risk of insider attack so prevalent and likely increasing? The two main culprits seem to be a lack of employee training and a greater reliance on technology.
56% of Cybersecurity Insider respondents said the main reason for insider attacks was due to lack of employee training or awareness. This could stem from a growing population of contract workers, more involved vendor partners or just a rapidly increasing staff count, some of whom haven’t been properly trained on secure data management.
After lack of employee training, respondents believed the second most popular (51%) reason for insider attacks was an increased number of devices connected to important data. Employees now have smartphones, tablets, USB drives, laptops, desktops and more, which means more opportunities for sensitive data to leave the security of the company network. An employee could unintentionally upload confidential company data to a public cloud just by forgetting to turn off a device’s auto-sync.
What Were the Most Popular Types Insider Attacks
What were the most popular types of insider attacks? BetterCloud surveyed 500 IT professionals for its State of Insider Threat 2019 report and found that 62% of respondents believed the biggest insider threat came not from malicious employees, but from those who were benevolent yet negligent.
The respondents felt that the rapid growth in cloud-based SaaS software gave their team the power to work independently, but also provided new pathways for them to accidentally share private information publicly. For example, employees might upload documents to Slack and then create an external link that they don’t realize is public. Or, perhaps they’ll use the free Excel competitor software in Google Drive to process financial data and turn on link sharing for the public web. In both instances, company data is leaving a secure network and it’s hard to say who could gain access to these public cloud platforms.
The respondents felt that the rapid growth in cloud-based SaaS software gave their team the power to work independently, but also provided new pathways for them to accidentally share private information publicly. For example, employees might upload documents to Slack and then create an external link that they don’t realize is public. Or, perhaps they’ll use the free Excel competitor software in Google Drive to process financial data and turn on link sharing for the public web. In both instances, company data is leaving a secure network and it’s hard to say who could gain access to these public cloud platforms.
How Much Did These Insider Attacks Cost
Just one insider attack is a costly, unfortunate, incident, but companies that experience multiple attacks may find that the expense to recover is detrimental to their bottom line. A Cost of Insider Threats study from Ponemon Institute - an independent data protection and IT research consortium - reports that the average cost of just one insider incident is about $513,000 and that multiple incidents could potentially cost a North American company $11.1 million per year.
Unfortunately, the cost to recover is on the rise. Another study from Accenture shows that organizations are spending 15% more in 2019 than they did in 2018 to handle the costs and consequences of an insider attack. Accenture also reports that the total value at risk to insider threats over the next five years is approximately $5.2 trillion - i.e., there’s a huge need for improved insider threat detection.
What Are Companies Doing in 2019 to Prevent Future Insider Attacks
For insider threat prevention, many companies are already relying on a variety of technologies and protocols. Cybersecurity Insiders reports that 51% of survey respondents provide user training as a means of combating attacks, and 41% have an Information Security Governance Program and 36% perform background checks, among other preventive measures. Although an organization may have numerous tools in place, not all of them are equally effective. Data Loss Prevention, Identity and Access Management and Policies and Training all received equal support (52%) as being more effective than other tools.
Perhaps it’s the shift from a traditional workplace environment to one that’s more remote-based or perhaps it’s just fear of an insider attack, but the same Cybersecurity Insider study reports that 84% of companies monitor employee user behavior as an insider threat detection tool. The organizations then use the user behavior data to determine insider threats: 32% review activity and summary reports, 29% review user behavior analytics and 28% review the movement of data and who accesses it.
As the risk of insider threats increase and the associated cost multiplies, the question across many organizations is one of doing enough. According to BetterCloud, 74% of C-level executives don’t think they’ve invested enough to mitigate the risk of insider threats and 95% of those using a Cloud Access Security Broker still feel vulnerable. However, it does look like there’s a general upward trend to invest in prevention - Gartner predicts that IT security spending worldwide will hit $124 billion in 2019, which is $10 billion more than in 2018.
Looking Forward to 2020 and Insider Threat Prevention
As 2020 approaches and new technology awaits, the risk for insider threat attacks is likely to increase. To prepare for, and prevent, the loss of valuable data, organizations must scrutinize current security protocol now and make changes where they’re most vulnerable.
Installing an insider detection solution is the first step in fighting attacks. ActivTrak’s insider threat detection software monitors employees and alerts you of suspicious behavior. The powerful, low-maintenance, agent runs in the background, freeing you up to focus on running your business.
ActivTrak achieved record results in 2019, and we look forward to keeping our clients safe in the years to come. For results and security you can trust, get started with ActivTrak today.
