Subscribe to Email Updates

Subscribe

mdr-nurture-mdr-email1-banner

Current Security Tools Hamper Detection of Insider Threats, Survey Shows

By Filip Truta on Oct 01, 2020 | 0 Comments
  • 36% of respondents say they don’t need privileged access to do their jobs but have it anyway
  • 85% of IT pros say the risk is either unchanged or increasing in the next 12 to 24 months
  • 60% of respondents working in government find it difficult to detect insider threats because behavior is consistent with the individuals’ role and responsibility
  • Respondents in the commercial sector say their current cybersecurity tool stack yields too many false positives and more data than can be reviewed in a timely fashion

Organizations in the UK and the US are struggling to improve their privileged access governance practices and reduce the likelihood of a security incident caused by insiders, according to a new report.

Database administrators, network engineers, IT security practitioners and cloud custodians have more privileged access to sensitive data than they need for their jobs. The data point comes from a survey by The Ponemon Institute, commissioned by Forcepoint, of 900 IT pros in organizations across the US and UK (mostly government institutions).

While government organizations are taking some steps to manage the risk, 85% of respondents say the risk is either unchanged or increasing in the next 12 to 24 months.

36% of respondents say they don’t need privileged access to do their jobs but have it anyway. The reasons?

“First, everyone at his or her level has privileged access even if it is not required to perform a job assignment (38 percent of respondents),” according to the report. “Second, the organization failed to revoke these rights when they changed their role and no longer needed access privileges (37 percent of respondents).”

In a key finding, both commercial and state organizations have difficulty in knowing if an action taken by an insider is truly a threat. 60% of respondents working in government say it is difficult to detect because behavior is consistent with the individuals’ role and responsibility. However, for commercial (public) institutions, the difficulty is exacerbated by the actual security tools employed by the organization.

More than half of respondents in the commercial sector said their current cybersecurity tool stack simply yields too many false positives and more data than can be reviewed in a timely fashion.

53% of respondents further noted that their tools don’t provide enough contextual information to combat insider threats – whether malice or human error.

“In government, behavior is the biggest challenge to detecting an insider event and in commercial organizations it is due to the failure of security tools,” the surveyors said. “Both government and commercial organizations do not have confidence that their organizations have visibility in understanding if users are compliant with policies.”

Securing the human layer takes a holistic approach – especially with more and more organizations relying on a remote workforce. Bitdefender GravityZone Elite is an integrated endpoint protection, risk management, and attack forensics platform, enhanced with user behavior risk analytics. IT reps can leverage integrated Risk Management and Analytics to continuously assess, prioritize and address misconfigurations and vulnerabilities, including human-triggered ones.

Share This Post On

Author: Filip Truta

Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.