A survey on insider threats conducted by Gurucul, a unified security and risk analytics firm, revealed that nearly 65% of cybersecurity professionals have accessed documents that are not related to their job profiles. It also found that 40% of respondents who had negative performance reviews admitted to abusing their privileged access.
According to the survey responses, about 58% of security professionals in the finance sector admitted that they have emailed company documents to their personal accounts, while 78% of those in the manufacturing sector accessed documents unrelated to their job profiles. In retail, 86% of security professionals said they’ve clicked on links from unknown sources. The survey findings are based on responses from 300 cybersecurity professionals around the world, working at small, medium, and large organizations in various sectors.
Commenting on the survey findings, Saryu Nayyar, CEO of Gurucul, said, “We knew insider privilege abuse was rampant in most enterprises, but these survey results demonstrate that the info security department is not immune to this practice. Detecting impermissible access to resources by authorized users, whether it is malicious or not, is virtually impossible with traditional monitoring tools. That’s why many organizations are turning to security and risk analytics that look at both employee and entity behaviors to identify anomalies indicative of insider threats.”
Several industry experts stressed that insider threats are the primary concern for every security leader, as many organizations fail to address the insiders within their own company. As a result, several data breaches happen due to employee negligence or unintentional actions like responding to a phishing email with sensitive information or downloading malicious content.
Human Element in Security Breaches
According to Ponemon Institute’s Cost of Data Breach study, 47% of organizations stated that the root cause of the security breaches they suffered was malware or a cyberattack. It also revealed that there is a human element in every single security breach. Sometimes, it’s a malicious actor who intends to harm the company and ensure that they benefit; other times, it’s an employee who, for example, accidentally clicks on a phishing email and unexpectedly exposes the organization to malware.