For the last two years as organizations adapt with remote work and other effects of the COVID-19 pandemic, cybercriminals have had a field day by exploiting weaknesses in distributed work security and the fact that our attention is elsewhere.
That has forced many companies to invest in new technology to harden network defenses from outside threats, but a new report from cybersecurity firm Proofpoint suggests insider threats are also costing organizations dearly as companies deal with an unmotivated workforce stemming from the pandemic.
The report, “2022 Cost of Insider Threats Global Report,” says negligent insiders are the root cause of 56% of incidents, with credential thefts almost doubling and becoming the costliest attack to remediate at an average of over $800,000 each.
The report, a survey of more than 1,000 IT and IT security professionals across North America, Europe, Middle East, Africa and Asia-Pacific in conjunction with the Ponemon Institute, shows that the frequency and associated cost of insider threats has increased dramatically over the last two years, including carelessness or negligence, malicious insiders and cybercriminal credential theft.
Annually, impacted organizations spend an average of $15.4 million on overall insider threat remediation, an increase of 34% from 2020.
In addition, the overall number of insider threats has skyrocketed, increasing by 44% in the last two years. Now, 67% of organizations are reporting between 21 and more than 40 incidents per year, which is up from 60% in 2020.
Credential theft continues to be a thorn in the side of IT security professionals, with those incidents being the costliest to mitigate at about $805,000 each. Those account compromises make up 18% of insider-based attacks, the report found.
While negligence led to the bulk of cyberattacks that leveraged an insider, even more alarming are the increasing threats from malicious insiders. According to the study, malicious or criminal insiders were behind just over a quarter of incidents, with an average cost of just under $650,000.
However, when asked about which incidents they are most concerned about, IT pros indicated credential stealing by hackers far outweighs malicious or negligent insiders by marks of 55%, 24% and 21%, respectively.
Proofpoint’s survey echoes similar findings from cybersecurity company Hitachi ID, which released a survey this month in which 65% of IT professionals polled say employees in their organization have been approached (mostly via email) to assist with a ransomware attack, a 17% increase from a similar survey run in the fall of 2021.
Regardless of how insider threats originate, Proofpoint calls on organizations to gain visibility and context into data movement to help accelerate detection and response times. Proofpoint also urges companies to evaluate the organization’s risk and develop a dedicated insider threat program.
Ryan Kalember, executive vice president of cybersecurity strategy at Proofpoint, says months of sustained remote and hybrid work as well as The Great Resignation has resulted in increased risk round insider threats as employees leave and take data with them.
“In addition, organizational insiders, including employees, contractors, and third-party vendors, are an attractive attack vector for cybercriminals due to their far-reaching access to critical systems, data, and infrastructure,” he says. “With people now the new perimeter, we recommend layered defenses, including a dedicated insider threat management solution and strong security awareness training, to provide the best protection against these types of risks.”