
1 in 50 employees a malicious insider?

A survey recently conducted by Imperva showed that 36 percent of surveyed companies have experienced security incidents involving malicious employees in the past 12 months.


The survey studied the attitudes of 250 UK-based IT professionals towards insider threats. One in fifty employees is believed to be a malicious insider.


The companies surveyed provided revealing examples of the damage that can be done by malicious attacks, which included the theft or dissemination of confidential information, identity theft, loss of productivity, and damage to equipment and facilities. One company had to shut its doors for three weeks following an attack against its network, and another had its online banking system hacked due to a phishing scam.


It was also discovered that 12 percent of companies suffered a security incident as a result of a careless employee, and 21 percent of IT pros agree or strongly agree that their company is loaded with “data dummies”, otherwise known as individuals who inappropriately access and misuse enterprise data.


Some incidents caused by careless and compromised employees included:

  • A malicious insider accessed the machine of an employee who forgot to log out of their computer, and deleted all company files
  • Sharing important confidential documents with the wrong people via email
  • Visiting illicit websites and introducing malware to an organisation's corporate network

“Our study shows that the insider threat is real and reinforces the fact that the biggest threat to enterprise security is the people already on the payroll. The unfortunate reality is that insiders can do far more damage than external attackers because they have legitimate access and vast opportunity. To mitigate the risk, enterprises should ask themselves where sensitive data lives, and try to invest more money in protecting that, instead of wasting budget solely building ‘higher’ and more advanced firewalls. Detecting insider threats requires combining a set of technologies and techniques. The basis for good detection is proper monitoring of all data access activity. On top of that, there should be anomaly detection based on behaviour analysis that can detect abusive access patterns or abnormal extraction patterns,” said Terry Ray, chief strategist at Imperva.
