43% of Security Pros Could Execute Insider Attack
A recent survey of nearly 200 IT professionals about insider threats found that nearly half of the participants believed they could successfully attack their organizations from the inside. In a blog post earlier this week, Imperva researchers reported on insider threats and revealed the findings of the recent survey.
Of the 179 IT professionals who participated in the survey, 43% said they were confident they could execute an insider attack. Only a third said carrying out an insider attack would be either difficult or impossible, while a mere 22% felt they had a 50/50 chance of successfully stealing information from the inside.
When asked how they would execute a successful insider attack, 23% said they would use their company-owned laptop to steal information from the organization, 20% would use their personal computers, and 19% would use their own laptops.
“The continued reliance on data for today’s businesses means more people within an organization have access to it,” explained Imperva CTO Terry Ray. “The result is a corresponding increase in data breaches by insiders either through intentional (stealing) or unintentional (negligent) behavior of employees and partners.”
“While the most sensational headlines typically involve infiltrating an ironclad security system or an enormous and well-funded team of insurgents, the truth of how hackers are able to penetrate your system may be less obvious: it’s your employees,” he continued.
Insider threats continue to rank among the top concerns when it comes to cybersecurity threats, suggesting that every company could potentially fall victim to an insider-related breach, whether from a malicious actor or an unintended threat.
“It’s much better to put the necessary security measures in place now than to spend millions of dollars later,” Ray said. “Every company can take some basic steps in their security posture to minimize insider threats, including background checks, monitoring employee behavior, using the principle of least privilege, controlling and monitoring user access, and educating employees.”
Source: Information Security Magazine