The answer always goes back and forth on who presents the biggest challenge for security: the outside attacker or the insider. Right now, it appears the insider is causing more problems – if the victim is aware of an attack at all.
A majority (62 percent) of security professionals said insider threats have become more frequent in the last 12 months, according to a report from security specialist SpectorSoft.
The report also found fewer than 50 percent of organizations have appropriate controls to prevent insider attacks, with privileged users, such as managers with access to sensitive information, posing the biggest insider threat to organizations (59 percent).
The catch is, though, only 34 percent of security experts expect additional budget to address the problem, the report said.
Less than a quarter (22 percent) of respondents saw no rise in insider attacks over the last 12 months. A troubling 45 percent of respondents were unsure if they had suffered an attack or not.
Insider threats are difficult to detect since the majority of security budgets and efforts end up directed at defending the perimeter. Defending the perimeter is important, but it has little effect against an insider, who is already inside the perimeter.
Another finding is that the security mentality focuses on preventing attacks rather than on having zones that can help ward off any type of attack.
Monitoring users’ activity and behavior while they are in the network would be another way to detect activity or behavior that deviates from the norm.
According to Joel Langill, an independent security researcher, consultant and creator of the website SCADAhacker.com, users need to learn from the incidents and understand what they should do, and sometimes that means not doing the standard measure.
“I would hope that asset owners, end-users, vendors and suppliers will start to realize the importance of moving beyond traditional tactical security controls to more strategic controls like using application control and whitelisting methods.
“Strategic controls offer more resilience to evolving threats that are coming through sophisticated threat actors by not depending on knowledge that originates external to your security perimeter,” Langill said. “By identifying a safe and secure baseline fingerprint, that can be used to detect anomalies very quickly within the secure industrial networks.”