October 26, 2016 | Security and Risk | Lauren Horaist
The SANS Institute recently found that nearly a third of all organizations still have no capability to prevent or deter an insider incident or attack. Further, only nine percent of surveyed companies ranked their insider threat prevention methods as very effective. Yet as recent headlines show, the insider threat is very real and cannot be ignored.
To protect against insider threats, organizations must first understand—and identify— what the threat is. Our newly released eBook uncovers common misconceptions about insider threats, illustrates how these threats have manifested in real-world situations and provides new insight to help organizations reduce risk across four main categories:
- Exploited Insiders: These are high-value employees specifically targeted by external attackers, usually via phishing. Attackers target employees to gain a foothold inside an organization.
- External Insiders: Did you know that by 2017, 41 percent of workers will be temps, contractors or consultants? Just like employees, these external “insiders” are also a target exploited by cyber attackers.
- Malicious Insiders: While accounting for only 26 percent of insider attacks, malicious insiders, such as disgruntled or angry employees, are the source of some of the most costly and difficult attacks to detect.
- Unintentional Insiders: Most employees are just trying to do their jobs well—yet poor security habits too often put systems at risk.
This infographic details recent industry findings and statistics on insider threats, and highlights how insiders across all four categories can use privileged access to cause intentional or unintentional damage.
For additional information on the topic, read our eBook for details about insider threats and gain guidance on how your organization can contain and detect these attacks.