Insiders have the potential to cause the most injury to a system or process, a new report said.
That is because 40 percent of respondents rated malicious insiders (insiders who intentionally do harm) as the most damaging threat vector their companies faced, according to a SANS survey.
In addition, 49 percent of respondents said they were in the process of developing a formal incident response plan with provisions to address insider threat. This further illustrates the urgency with which companies are moving to address this threat vector.
Despite the increased awareness of the threat from malicious insiders, organizations fail to implement effective detection tools and processes to identify these malicious insiders.
One third of survey respondents have these tools and technology, but have not used them operationally and 38 percent of survey respondents are in the process of re-evaluating internally to better identifying malicious insiders.
“It is misleading to see that sixty percent of respondents said they had not experienced an insider attack,” said SANS instructor and survey report author, Eric Cole, PhD. “The rest of our data indicates that organizations still are not effective at detecting insider threats, so it’s clear that most either didn’t notice threats or attacks, or didn’t realize those incidents involved malicious insiders, or outsiders using compromised insider credentials.”