Home Working Drives 44% Surge in Insider Threats
Insider threats cost organizations an average of over $15m annually to remediate last year, with stolen credentials a growing risk, according to Proofpoint.
The security vendor’s 2022 Cost of Insider Threats Global Report was compiled from interviews with over 1000 IT professionals and analysis of more than 6800 incidents across the globe.
It revealed that the cost and frequency of insider incidents are on the rise. Associated costs jumped 34%, from $11.5m in 2020 to $15.4m in 2021, while the overall volume surged by 44% over the period.
The frequency of incidents per company also increased, with 67% of companies experiencing between 21 and more than 40 incidents per year, up from 60% in 2020.
Negligence continues to account for the majority (56%) of insider threats, at the cost of nearly $485,000 per incident.
Failure to ensure devices are properly secured or patched and not following corporate security policy are typical issues that have exposed organizations over the past year. They’re especially prevalent as many employees now work from home, where it’s often harder for IT teams to enforce policy effectively.
That’s resulted in a near-doubling of credential theft incidents since 2020, at a cost to organizations of $804,997 per incident.
However, malicious intent is also a major cause of insider threats, accounting for a quarter (26%) of incidents at an average cost of $648,000 to remediate. Once again, the work-from-home (WFH) mandate has driven this trend, allowing employees more remote access to sensitive data, according to Proofpoint.
Ryan Kalember, EVP of cybersecurity strategy at Proofpoint, described people as the “new perimeter” in the fight against spiraling cyber-risk.
“Months of sustained remote and hybrid working leading up to ‘The Great Resignation’ has resulted in an increased risk around insider threat incidents, as people leave organizations and take data with them,” he argued.
“In addition, organizational insiders, including employees, contractors and third-party vendors, are an attractive attack vector for cyber-criminals due to their far-reaching access to critical systems, data and infrastructure.”
Unfortunately, current efforts to detect insider risk appear to be failing: it now takes an average of 85 days to contain an insider incident, up from 77 days in 2020.
More Stories
Friday Squid Blogging: Squid Trackers
A new bioadhesive makes it easier to attach trackers to squid. Note: the article does not discuss squid privacy rights....
How To Teach Your Kids About Deepfakes
Is it real? Is it fake? Deepfake technology has certainly made everything far more complicated online. How do you know...
Alarming Decline in Cybersecurity Job Postings in the US
This drop represents a direct threat to US national cybersecurity infrastructure, said CyberSN representatives in their report Read More
Akira Ransomware Group Rakes in $42m, 250 Organizations Impacted
A joint advisory from Europol and US and Dutch government agencies estimated that Akira made around $42m in ransomware proceeds...
Quishing Attacks Jump Tenfold, Attachment Payloads Halve
The figures come from Egress’s latest report, which also suggests secure email gateways lag behind tech advancements Read More
Russia’s Sandworm Upgraded to APT44 by Google’s Mandiant
Mandiant has confirmed that Sandworm is responsible for many cyber-attacks against Ukraine has close ties with a Russian hacktivist group...