Report: Nearly Half of Security Professionals Think They Could Execute a Successful Insider Attack on Their Organization – Blog | Imperva
As potential threats and entry points into organizations’ databases keep growing, so does the amount of money folks are throwing at detecting and actioning insider threats.
In a new blog post, Imperva researchers report on insider threats and reveal the findings of a recent survey of 179 IT professionals, which include:
- A staggering 43% said they believe they could execute a successful attack on their own organizations.
- Only a third believe it would be difficult or impossible to carry out a successful insider theft, and just 22% say they would have a 50/50 chance.
- When asked to put themselves in the shoes of a malicious insider, 23% of security professionals said they would use their company-owned laptop to steal information from their company, while 20% said their personal computer, and 19% said their laptop.
Imperva CTO Terry Ray explained: “Business’s continued reliance on data means more people within an organization have access to it. The result is a corresponding increase in data breaches by insiders either through intentional (stealing) or unintentional (negligent) behavior of employees and partners. While the most sensational headlines typically involve infiltrating an ironclad security system or an enormous and well-funded team of insurgents, the truth of how hackers are able to penetrate your system may be less obvious: it’s your employees. Insider threats are one of the top cybersecurity threats and a force to be reckoned with. Every company will face insider-related breaches sooner or later regardless of whether it is caused by a malicious action or an honest mistake. And it’s much better to put the necessary security measures in place now than to spend millions of dollars later. Every company can take some basic steps in their security posture to minimize insider threats, including background checks, monitoring employee behavior, using the principle of least privilege, controlling and monitoring user access, and educating employees.”