The Information Security Community on LinkedIn recently completed a survey of more than 500 cybersecurity professionals on the topic of insider threats. This report reveals the real-world trends and challenges of combating insider threats from the viewpoint of the security professionals who do it every day.
Let’s take a look at some of these trends and what they may mean for information security.
Insider threats are on the rise, but budgets are not
Security teams have long been asked to do more with less, but this trend is particularly stark in the area of malicious insiders.
The study shows that 62% of respondents saw more insider threats over the past year, but only 34% expect to get more budget to address the problem. Underscoring this problem, 68% feel vulnerable and less than half feel they have appropriate control over insider threats.
Given the lack of budget for insider threats, it’s critical that security teams squeeze as much value out of their solutions as possible. This is where Vectra is incredibly valuable.
Focusing on the internal behavior of hosts on the network, Vectra successfully detects both insider threats and externally driven cyber attacks. This makes Vectra far more cost-effective than single-function products that focus only on insider threats.
High degree of difficulty
The LinkedIn survey confirms that insider threats are hard to solve. In fact, 62% said insider threats are harder to detect than externally-driven attacks because trusted insiders already have credentialed access to the network and services.
This exposes a vital point about the overlap between insider threats and cyber attacks. In most cases, cyber attackers want what trusted users already have – network access credentials. In both cases, detecting a threat requires security teams to proactively identify when a host behaves abnormally or in a way that could expose data or assets.
Vectra software tracks the flow of data within a network to proactively identify the acquisition, staging, and stealing of data, regardless of whether it’s driven by an insider or an outsider. More importantly, Vectra does so without the need for signatures or highly complex policies typically found in DLP solutions.
The need to be proactive
As mentioned earlier, most survey respondents said they lacked the appropriate tools to mitigate insider threats, and an analysis of the tools available to them underscores this point.The study found that user training (45%) and background checks (41%) were the most commonly reported controls for combating insider threats. In the end, these wise yet passive precautions won’t help organizations that are faced with live, active insider threats.
Once again, it is imperative to proactively identify threats in real-time so security teams can take action before data is lost. Unlike preventive measures that only reduce exposure or analytics platforms that document loss, Vectra automatically analyzes and correlates all traffic in your network to proactively uncover insider threats in real time.
While there’s no silver bullet to stop malicious insiders, the LinkedIn report shows that organizations can do considerably better. The Vectra solution addresses the gap in network security posture, while protecting an organization’s most critical assets.
Wade Williamson is a cybersecurity writer, product manager and marketer with experience in positions from director of product marketing to senior security analyst.