Home Working Drives 44% Surge in Insider Threats
Insider threats cost organizations an average of over $15m annually to remediate last year, with stolen credentials a growing risk, according to Proofpoint.
The security vendor’s 2022 Cost of Insider Threats Global Report was compiled from interviews with over 1000 IT professionals and analysis of more than 6800 incidents across the globe.
It revealed that the cost and frequency of insider incidents are on the rise. Associated costs jumped 34%, from $11.5m in 2020 to $15.4m in 2021, while the overall volume surged by 44% over the period.
The frequency of incidents per company also increased, with 67% of companies experiencing between 21 and more than 40 incidents per year, up from 60% in 2020.
Negligence continues to account for the majority (56%) of insider threats, at the cost of nearly $485,000 per incident.
Failure to ensure devices are properly secured or patched and not following corporate security policy are typical issues that have exposed organizations over the past year. They’re especially prevalent as many employees now work from home, where it’s often harder for IT teams to enforce policy effectively.
That’s resulted in a near-doubling of credential theft incidents since 2020, at a cost to organizations of $804,997 per incident.
However, malicious intent is also a major cause of insider threats, accounting for a quarter (26%) of incidents at an average cost of $648,000 to remediate. Once again, the work-from-home (WFH) mandate has driven this trend, allowing employees more remote access to sensitive data, according to Proofpoint.
Ryan Kalember, EVP of cybersecurity strategy at Proofpoint, described people as the “new perimeter” in the fight against spiraling cyber-risk.
“Months of sustained remote and hybrid working leading up to ‘The Great Resignation’ has resulted in an increased risk around insider threat incidents, as people leave organizations and take data with them,” he argued.
“In addition, organizational insiders, including employees, contractors and third-party vendors, are an attractive attack vector for cyber-criminals due to their far-reaching access to critical systems, data and infrastructure.”
Unfortunately, current efforts to detect insider risk appear to be failing: it now takes an average of 85 days to contain an insider incident, up from 77 days in 2020.
More Stories
European Journalists Targeted by Paragon Spyware, Citizen Lab Confirms
This is the first forensic evidence that journalists’ devices have been infected with Paragon’s Graphite spyware Read More
Paragon Spyware used to Spy on European Journalists
Paragon is a Israeli spyware company, increasingly in the news (now that NSO Group seems to be waning). “Graphite” is...
Ransomware Gang Exploits SimpleHelp RMM to Compromise Utility Billing Firm
A CISA advisory urged all software vendors and downstream customers to check if they are impacted by unpatched versions of...
Microsoft 365 Copilot: New Zero-Click AI Vulnerability Allows Corporate Data Theft
Researchers have found a flaw in Microsoft 365 Copilot that allows the exfiltration of sensitive corporate data with a simple...
South African man imprisoned after ransom demand against his former employer
Lucky Erasmus and a company insider installed software without authorisation on Ecentric's systems which granted them remote access, enabling them...
Inside a Dark Adtech Empire Fed by Fake CAPTCHAs
Late last year, security researchers made a startling discovery: Kremlin-backed disinformation campaigns were bypassing moderation on social media platforms by...