With several highly publicized insider threat incidents resulting in harmful data breaches for both government and industry, preventing and detecting such threats are a high priority for our clients. Regulations governing access to classified information have established baseline requirements for insider threat programs. Industry studies confirm that risks are increasing, but not enough is being done to combat those risks.
Defining the insider threat
An insider threat is an individual with access to an organization’s systems and data, who, through either malicious or inadvertent actions, can cause irreparable damage to the organization itself, other industries, government and even citizens. Malicious activities can include theft, espionage, sabotage and insider trading. Non-malicious activities can include falling victim to phishing, malware and ransomware attacks from malicious outsiders.
The growing challenge of insider threats is recognized by our clients as a major risk. CGI’s 2016 Global 1000 is an outlook on trends and priorities based on 1,000+ inperson conversations with business and IT executives conducted by CGI leaders. Among hundreds of U.S. executives participating in these conversations:
- 93% felt vulnerable to insider threats
- 53% saw privileged users as the biggest threat
- 44% had a breach or failed a compliance audit
Recent industry studies also indicate that:
- Remediating a successful insider attack costs $445,000 per incident
- Consequences of an insider attack cost $15 million in annual company losses
- Only 40% of IT budgets include funding for insider threats
- Nearly a third of all U.S. organizations surveyed by SANS in 2015 had no capability to prevent or deter an insider incident or attack
What is your organization doing to protect against insider threats?
Is your organization just doing enough to meet baseline regulatory requirements until there is an insider threat incident? If you’ve already had an incident, are you doing enough to make sure it does not happen again and repair the reputational damage? Or, like most organizations, are you always trying to catch up?
The continued increase in data breaches from insider threats gives organizations across sectors no choice but to place greater emphasis on this problem. While the market continues to focus on individual tools and capabilities to fill gaps in protection, organizations that approach insider threats from a holistic, enterprise view will be better positioned to prevent, detect and respond. There is no single means to prevent an insider threat, so the concept of defense in depth applies here as it does to all areas of security.