sb-au logo
Story image

Research: 61% of companies have suffered an insider attack in last 12 months

03 Sep 2020

61% of companies have reported at least one insider attack within the last year, and 22% of these companies have suffered at least six separate attacks during the same period, according to new research from Bitglass.

It comes as rapid migration to cloud and remote working and BYOD scenarios leave organisations increasingly vulnerable to insider attacks as a result of the upheaval caused by the COVID-19 pandemic.

The research comes from Bitglass’ recently released 2020 Insider Threat Report, which surveyed IT professionals around the world around navigating the tightrope between budgetary considerations and data protection concerns.

Securing against insider threats has become one of the most challenging security concerns for companies, with most organisations being unable to guarantee that they can detect insider threats stemming from personal devices (82%) or the cloud (50%). A further 81% find it difficult to assess the impact of insider attacks. 

The common practice of having multiple disjointed tools decreases the chances of speedy detection, according to the research. Having different tools with disparate levels of protection, security professionals spend an excessive amount of time managing each of the solutions individually.

As such, 49% of respondents stated that at least one week typically goes by before insider attacks are detected; additionally, 44% said that another week usually passes before the organisation recovers from the attacks.

The growing threat of insider attack is exacerbating budgets that were already constrained before the pandemic, and security teams are increasingly being asked to do even more with less – 73% of companies’ security budgets are decreasing or staying flat over the next year. 

“Enterprises report that loss of critical data and disruption to business operations are the biggest repercussions of insider attacks,” says Bitglass chief technology officer Anurag Kahol.

“Along with brand damage, remediation costs, legal liabilities, and loss of revenue, these are serious ramifications that must be prevented. 

“Enterprises need a multi-faceted security platform that is designed to monitor user behaviour, secure personal devices, deliver maximum uptime and cost savings, and prevent leakage on any interaction. 

“Only then can they defend against insider threats.”

The Bitglass report comes days after the company announced it had won a US patent for its SAML relay that helps to provide more transparency and real-time access control of cloud services.

SAML, which stands for security assertion markup language, has become popular in recent years as security vendors as an open standard for authentication and authorisation. 

Bitglass designed its SAML relay to allow a cloud access security broker (CASB) to be inserted into the traffic flow between users and cloud services during the login process, all in a transparent manner.

Bitglass CEO Nat Kausik says, “This patent is further recognition that Bitglass is the architect of SAML relay and reverse proxy technology that all CASB vendors have imitated.”

“For organisations that need transparent cloud security, the Bitglass CASB remains the solution of choice. Today, it is a core component of our SASE offering, along with our SmartEdge Secure Web Gateway and our zero trust network access.”

Story image
Claroty and CrowdStrike form partnership to protect industrial control system environements
The integration will deliver visibility into industrial control system (ICS) networks and endpoints, with a one-stop-shop for information technology (IT) and OT asset information directly within The Claroty Platform.More
Story image
Video: 10 Minute IT Jams - Vectra AI exec discusses cybersecurity for Office 365
In Techday's second IT Jam with Vectra AI, we speak again with its head of security engineering Chris Fisher, who discusses the organisational impact of security breaches within Microsoft O365, why these attacks are on the rise, and what steps organisations should take to protect employees from attacks.More
Story image
Commvault expands features for Disaster Recovery solution
The solution, which offers disaster recovery automation through a single extensible platform, will now support orchestration to and from on-premises, Azure and AWS.More
Story image
DDoS attacks surge, becoming more sophisticated
After doubling from Q1 to Q2, the total number of network layer attacks observed in Q3 doubled again — resulting in a 4x increase in number compared to the pre-COVID levels in the first quarter. More
Story image
IDC names ESET a Major Player second year running
“ESET is strong in the areas of threat research, especially around Android malware identification and behavior detection.”More
Story image
Cyber Security Cloud launches WafCharm on Microsoft Azure
Already available to more than one million Amazon AWS users around the world, this launch provides Azure users with AI operation of Web Application Firewall (WAF) rules, expanding WafCharms availability to 60% of the world's cloud users. More