Cybersecurity researchers have warned against increasing insider threats affecting businesses around the world. In their recent report (via Malwarebytes), researchers have described how insider threats weaken the cybersecurity of companies. Security researchers have also described the number of challenges that companies face when it comes to dealing with insider threats.
-- 58 per cent of organisations participated in the study said they are not effective when it comes to monitoring, detecting and responding to insider threats.
-- 63 per cent of organisations consider privileged IT users biggest security risk. Meanwhile, 51 per cent of regular employees, 50 per cent temporary works and 50 per cent executives echo a similar opinion about privileged IT workers.
-- 68 per cent of organisations feel that they are moderate to extremely vulnerable to insider threats.
-- 52 per cent of organisations find it difficult to detect and prevent internal threats than external attacks.
-- 68 per cent of organisations have observed that insider threats have become more frequent in the past 12 months.
Apart from the key findings, researchers highlight some of the primary reasons why organisations are facing difficulties in detecting and preventing insider threats. Some of the reasons include an increase in the use of a number of software applications that leak data, further resulting in the misuse of credential or access credentials.
Following are some of the reasons why organisations are more prone to internal cyber threats:
-- 59 per cent of insiders have access to the company's network and services.
-- 50 per cent increment in use of third-party applications that are likely to leak data.
-- 47 per cent increment in the amount of data that leaves protected boundary.
-- 38 per cent end-user devices are capable of data theft.
-- 35 per cent migration of sensitive data to the cloud along with the adoption of cloud apps.
-- 32 per cent insiders are sophisticated.
-- 28 per cent difficulty in detecting rogue devices introduced into the network or systems.
Security researchers previously discovered that as much as 67 per cent of companies do not report cybersecurity incidents to regulators. Although it is mandatory for companies to follow compliance rules, companies defy reporting guidelines, possibly to keep away from regulatory punishments and public disclosure that can hurt their reputation.