
Report: Insider Cybersecurity Threats have Increased 40% Over the Past Four Years

 

A recent study disclosed that over the past four years, the average cost of an insider cybersecurity attack has increased dramatically by 40%. In addition, the average annual cost of these cyberthreats has increased over the past 12 months, reaching $16.2 million per incident. 

The highest costs arise after the attack has taken place, so businesses globally should prepare their prospective responses now in order to incur the least amount of financial loss.

The new research states that "insider" attacks can be either malicious (espionage, IP threat, sabotage, or fraud) or non-malicious (when an insider is careless, mistaken, or outsmarted). The study titled '2023 Cost of Insider Risks Global' was released by the data privacy-focused Ponemon research centre and funded by insider cybersecurity company DTEX Systems. 

It reveals that insider risks are increasing, and not simply in terms of how much each attack costs. In 2023, there were a total of 7,343 insider incidents, up from just 6,803 the year before. 

The majority of the incidents (75%), frequently attributable to mistaken insiders (55%), were traced back to non-malicious insiders. The two expenses with the highest average costs per incident are containment and cleanup, at $179,209 and $125,221 respectively. The cost of a response increases with its duration.

Why aren't cyber budgets spent wisely?

Insider threats are increasing. Or, to put it another way, the call is coming from inside the house. Businesses, meanwhile, have not made the necessary adjustments to their budgets. For controlling insider risk specifically, 88% of them still allocate only 10% or less of their IT security budget, while external threats get 91.8% of budgetary resources.

However, social engineering, which uses insiders as a target to phish or otherwise trick personnel into disclosing private information regarding their own firm, is still a major threat. Phishing assaults cost businesses nearly $6.9 billion in 2021, and the FBI recently identified phishing as the most frequent type of cyberattack.

“This highlights a widespread misunderstanding of the types of insider risks and the failure to proactively protect customer data and IP [intellectual property],” Rajan Koo, chief technology officer of DTEX Systems, stated in a press release.

Imperva: Majority of Indian Organisations Don't Have a Strategy for Stopping Insider Threats Despite Growing Risk

 

New research from Forrester (commissioned by Imperva) has found that three-quarters (74%) of APAC organisations do not have an insider risk management strategy or policy. In India, it is 69%. 
 
This approach is at odds with today’s threat landscape where the risk of malicious insiders has never been higher due to the rapid shift to remote work and ‘The Great Resignation’. The research backs this up, with insider threats being the cause of the majority (58%) of incidents that negatively impacted sensitive data in the last 12 months. 
 
Other key findings of the report include: 
 
· The majority of APAC respondents blame lack of budget (41%) and internal expertise (38%) 
 
· The main strategies being used to protect against insider threats are encryption (54%) and periodical manual monitoring/auditing of employee activity (44%) 
 
New research, commissioned by Imperva and conducted by Forrester, found that the majority (58%) of incidents that negatively impacted sensitive data in the last 12 months was caused by insider threats, and yet more than half (59%) of APAC organisations do not prioritise insider threats the way they prioritise external threats. 
 
“This approach is at odds with today’s threat landscape where the risk of malicious insiders has never been higher,” says George Lee, Vice President, Asia Pacific and Japan, Imperva. “The rapid shift to remote working means many employees are now outside the typical security controls that organisations employ, making it harder to detect and prevent insider threats. 
 
“Further, ‘The Great Resignation’ is creating an environment where there is a higher risk of employees stealing data. This data could be stolen intentionally by people looking to help themselves in future employment, or it could be taken inadvertently when an employee leaves the organisation.” 
 
Why are organisations not prioritising insider threats? The majority of APAC respondents blame lack of budget (41%) and internal expertise (38%), but other problems abound. A third (33%) of firms do not perceive insiders as a substantial threat, and 24% say their organisational indifference to insider threats is due to internal blockers such as a lack of executive sponsorship. In fact, three-quarters (74%) of APAC organisations do not have an insider risk management strategy or policy, and 70% do not have a dedicated insider threat team. 
 
Previous analysis by Imperva into the biggest data breaches of the last five years found one quarter (24%) of these were caused by human error (defined as the accidental or malicious use of credentials for fraud, theft, ransom or data loss) or compromised credentials. 
 
APAC firms are prioritising external threats over insider threats, despite the fact that insider events occur more often, says Lee. “Insider threats are hard to detect because internal users have legitimate access to critical systems, making them invisible to traditional security solutions like firewalls and intrusion detection systems. This lack of visibility is a significant risk to the security of an organisation's data. That is why leaders need to focus on the potential threats lurking within their own network.”
 
The main strategies currently being used by APAC organisations to protect against insider threats and unauthorised usage of credentials are encryption (54%) and periodical manual monitoring/auditing of employee activity (44%). Many are also training employees to ensure they comply with data protection/data loss prevention policies (57%). Despite these efforts, breaches and other data security incidents are still occurring and more than half (55%) of respondents said that end users have devised ways to circumvent their data protection policies. 
 
“If your organisation hasn’t created a focused strategy to adequately address insider risk, this needs to be a priority for 2022. An effective insider threat detection system needs to be diverse, combining several tools to not only monitor insider behaviour, but also filter through the large number of alerts and eliminate false positives. Also, as protection of a company’s intellectual property begins at the data layer, a comprehensive data protection plan must include a security tool that protects the data layer,” says Lee.
 
According to Imperva, organisations looking to better protect against insider threats should take the following steps: 
 
● Gain stakeholder buy-in to invest in an insider risk program. Insider risk is a human problem, not a technology issue, and must be treated as such. It is also a risk that cuts across all parts of the business. Therefore it is important to get senior executives from across the company to endorse and support the insider risk program for it to be successful. Start at the top to gain buy-in and sponsorship, then engage with leaders from HR, Legal, IT, and other parts of the organisation. 
 
● Follow Zero Trust principles to address insider risk. Following a Zero Trust approach helps protect data and users while limiting the ability of insiders to use sensitive resources not required by their function. 
 
● Build a dedicated function to address insider risk. Since insider risk is a human problem and very sensitive in nature, it requires dedicated resources. These may be part of the security team or, better yet, a separate dedicated function. Either way, this team needs a specific mandate for insider risk and training to recognize and respond to insider threats. 
 
● Create processes for your insider risk program and follow them. The sensitivity of insider risk and its associated privacy concerns require that strict policies are implemented and followed. Treat every investigation as if it will end up in court and apply policies consistently. 
 
● Implement a comprehensive data security solution. A complete solution goes beyond DLP to include monitoring, advanced analytics, and automated response to prevent unauthorised, accidental, or malicious data access. The technologies you deploy should support the processes you’ve created and the mandate for your insider risk function. Your organisation will see cost savings and a reduction of risk from business impacting security events. 
 

Insider Threat: Employees of Russian banks are massively recruited to get data


In Russia, there are 73 services that recruit insiders in Russian banks. This information was shared by Darknet researcher Anton Staver.

"The large number of groups providing such services is due to the amount of work that falls on them," explained Staver. According to the researcher, services that recruit bank employees receive up to 50 orders a day, which is enough to sustain an entire industry.

The expert said that customers of such data are usually competitors of banks, jealous spouses of customers, as well as hackers and scammers. Scammers often ask for a list of victims with large account balances. At the same time, according to Staver, recruitment is most often “carried out by specialized structures”.

The expert noted that recruiters receive from customers about 15 thousand rubles ($240) for one bank employee. During the work, the recruiter receives the search criteria, after which the client receives the contacts of the necessary person in Telegram or Jabber. It takes about 5-7 days to search for an insider.

Pavel Krylov, who runs a company specializing in the investigation of cybercrime, agrees with the research data. "Fraudulent schemes using personal data are now successful and effective, so attackers are actively looking for insiders in banks," said the expert. He also noted that various criminal groups taking advantage of theft and withdrawal options use schemes with recruitment for monetization.

The cost of recruitment ranges from 7 thousand to 100 thousand rubles ($112-$1600) and depends on the complexity of the task. If the bank's security service works effectively, the price will be much higher. Employees are usually recruited through social networks, instant messengers, personal contacts and LinkedIn.