A new report by BetterCloud reveals that 91% of IT and security professionals fear insider threats. The report says this likely stems from the increase in popularity of Software as a Service (SaaS). SaaS involves end users interacting with and sharing data freely, which can lead to leaks — intentional or not.
These leaks are known as “insider threats,” which consist of three types:
•Compromised: Exploited by outsiders through compromised credentials
• Malicious: Intentionally causes harm, either for personal or financial gain
• Negligent: Well-meaning, but accidentally exposes sensitive information
When employees use multiple endpoints such as desktops, laptops, tablets, smartphones, Chromebooks, etc. that connect to a corporate network, it creates a potential point of ingress for attackers. As the use of SaaS and Cloud in the security industry continues to grow, it is imperative to make sure you remain secure. So what can you do? BetterCloud offers these four tips to avoid insider threats:
1. Invest in security awareness training: Instill a culture of security that makes employees feel personal ownership.
2. Get visibility into user interactions (e.g., suspicious user behavior or data exposure due to settings misconfigurations) in SaaS apps: Utilize a SaaS Operations Management (SOM) platform to listen for any changes in application configurations, document settings and privileged access.
3. Be aware of key data points and behaviors that may indicate an imminent insider threat.
4. Have the right tools in your insider threats toolkit, such as traditional DLP tools (email, endpoint, web), web proxy logs, privileged access management (PAM), HR/people data, etc.
BetterCloud surveyed 491 IT and security professionals in October 2018, with respondents ranging from C-level executives, to IT admins to security engineers, representing organizations of varying sizes (less than 100 employees to 10,000+) across all industries.
Additional Insider Threat Study Findings
• 62% of respondents believe the biggest security threat comes from well-meaning but negligent end-users.
• 75% believe the biggest security challenge lies in Cloud storage/file sharing and email.
• 46% of IT leaders believe that the rise of SaaS applications makes them the most vulnerable to insider threats.
• 53% felt the employees who were most likely to be a threat were those who have left or were planning to leave the company, or contractors whose contract had ended.
