Haystax Technology and SANS today released an industry survey titled “Defending Against the Wrong Enemy: 2017 SANS Insider Threat Survey” that illustrates the importance of managing internal threats to win at cybersecurity.
According to the survey, 40 percent of respondents rated malicious insiders (insiders who intentionally do harm) as the most damaging threat vector their companies faced. Furthermore, nearly half (49 percent) said they were in the process of developing a formal incident response plan with provisions to address insider threat. This further illustrates the urgency with which companies are moving to address this threat vector.
“We are encouraged to see organizations recognizing malicious insiders as the top threat vector, but we are not seeing the necessary steps taken to address it,” said Haystax CEO, Bryan Ware. “Existing tools aren’t smart enough, or don’t have the context needed to identify malicious insiders. What’s needed is contextually-smart, user behavior analytics that produce actionable intelligence for decision makers.”
Despite the increased awareness of the threat from malicious insiders, many organizations continue defending against the wrong enemy by failing to implement effective detection tools and processes to identify these malicious insiders. A third of survey respondents (33.6 percent) have these tools and technology, but have not used them operationally and more than a third (38 percent) of survey respondents are in the process of re-evaluating internally to better identifying malicious insiders.
“It is misleading to see that sixty percent of respondents said they had not experienced an insider attack,” said SANS instructor and survey report author, Eric Cole, PhD. “The rest of our data indicates that organizations still are not effective at detecting insider threats, so it’s clear that most either didn’t notice threats or attacks, or didn’t realize those incidents involved malicious insiders, or outsiders using compromised insider credentials.”
Among SANS’ recommendations for shoring up insider threat detection efforts is increasing visibility into user behavior. Haystax’s Constellation Analytics Platform™ does exactly that by leveraging a unique, model-first approach to insider threat. It includes more than 700 key risk indicators that, when coupled with a broad variety of data, can reason like a team of experts, at scale, to determine trustworthiness, a key predictor of malicious intent.
Access the full SANS 2017 Insider Threat Survey, compliments of Haystax Technology.