Several industry experts stressed that insider threats are the primary concern for every security leader, as many organizations fail to address the insiders within their own company. As a result, numerous data breaches happen due to employee negligence or unintentional actions like responding to a phishing email with sensitive information or downloading malicious content. In addition, with the ongoing crisis due to the COVID-19 pandemic, companies across the globe are working remotely. This is creating new opportunities for threat actors to launch insider threats.
A recent survey report from the Ponemon Institute, “2020 Cost of Insider Threats: Global Report,” revealed that insider threats increased by 47% from 3,200 in 2018 to 4,716 in 2020. It also revealed that the cost of insider threat incidents surged by 31% from $8.76 million in 2018 to $11.45 million in 2020.
According to the survey, negligent employees create around 62% of security incidents, costing organizations an average of $307,111 per incident. The fastest-growing industries for insider threats are the retail sector (38.2% two-year increase) and the financial services sector (20.3% two-year increase). It takes 77 days for a company to contain each insider threat incident, and only 13% of the analyzed security incidents were contained in less than 30 days, the report stated.
Irresponsible employee behavior and reduced organizational vigilance can allow malicious insiders to further exploit their administrative privileges to disrupt an organization’s operations. Amid the rapid change in work conditions, many companies are struggling to cover security gaps while also dealing with the variety of COVID-19-related threats.
65% of Employees Access Documents Unrelated to Their Jobs
A similar survey on insider threats, conducted by unified security and risk analytics firm Gurucul, revealed that nearly 65% of cybersecurity professionals have accessed documents that are not related to their job profiles. It also found that 40% of respondents who had negative performance reviews also admitted to abusing their privileged access. According to the survey responses, about 58% of security professionals in the finance sector admitted that they have emailed company documents to their personal accounts, while 78% of those in the manufacturing sector accessed documents unrelated to their job profiles. In retail, 86% of security professionals said they’ve clicked on links from unknown sources.