Most Enterprises Can't Detect or Deter Insider Threats

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

A recent survey of 355 IT professionals has found that 59 percent of respondents don't have the ability to detect insider threats, and 61 percent say they're unable to deter them.

The survey, sponsored by SpectorSoft, also found that 61 percent of respondents don't feel adequately prepared to respond to insider threats.

Thirty-five percent of respondents reported that they had already experienced an insider attack -- 41 percent of those attacks involved financial fraud, and 49 percent of them involved a data leak.

"The nature of insider threats -- authorized persons misusing their authorization -- makes it harder to detect such attacks and protect against them," the SpecterSoft report [PDF] states. "While the percentage of insider threats -- approximately 30 percent of all cyber attacks -- has stayed broadly consistent since 2004, the total number of such attacks has increased dramatically, resulting in $2.9 trillion in employee fraud losses globally per year."

The leading inhibitor to dealing with insider threats, the survey found, is a lack of available technology solutions, followed by insufficient funding and a lack of staffing.

"These statistics paint a bleak picture when it comes to securing company data against insider threats," SpectorSoft chief marketing officer Rob Williams said in a statement. "With so many data breaches happening, C-level executives are coming to the realization that their jobs could be on the line if company data isn't protected."

"Proper defense must include a comprehensive security solution, and with humans involved, education is just as key," Williams added.

Insider breaches impact companies in every industry, though healthcare is a prime target due to the sensitivity of the data being handled.

The Tampa Bay Business Journal recently reported that a former employee of a shredding company was accused of stealing documents intended for shredding, and selling them to people who used them to file fraudulent tax returns -- and CBS Miami reports that former medical assistant La Toya Yvette Tillman recently pled guilty to selling 2,000 patients' names, birthdates and Social Security numbers to a man who used the data to file fraudulent tax returns (h/t PHIprivacy.net).

And earlier this month, a former Cancer Specialists of Tidewater employee was charged with improperly accessing the credit card information and Social Security numbers of as many as 2,000 patients.

A recent eSecurity Planet article offered several tips for defending against insider threats.