sb-nz logo
Story image

Research: 61% of companies have suffered an insider attack in last 12 months

03 Sep 2020

61% of companies have reported at least one insider attack within the last year, and 22% of these companies have suffered at least six separate attacks during the same period, according to new research from Bitglass.

It comes as rapid migration to cloud and remote working and BYOD scenarios leave organisations increasingly vulnerable to insider attacks as a result of the upheaval caused by the COVID-19 pandemic.

The research comes from Bitglass’ recently released 2020 Insider Threat Report, which surveyed IT professionals around the world around navigating the tightrope between budgetary considerations and data protection concerns.

Securing against insider threats has become one of the most challenging security concerns for companies, with most organisations being unable to guarantee that they can detect insider threats stemming from personal devices (82%) or the cloud (50%). A further 81% find it difficult to assess the impact of insider attacks. 

The common practice of having multiple disjointed tools decreases the chances of speedy detection, according to the research. Having different tools with disparate levels of protection, security professionals spend an excessive amount of time managing each of the solutions individually.

As such, 49% of respondents stated that at least one week typically goes by before insider attacks are detected; additionally, 44% said that another week usually passes before the organisation recovers from the attacks.

The growing threat of insider attack is exacerbating budgets that were already constrained before the pandemic, and security teams are increasingly being asked to do even more with less – 73% of companies’ security budgets are decreasing or staying flat over the next year. 

“Enterprises report that loss of critical data and disruption to business operations are the biggest repercussions of insider attacks,” says Bitglass chief technology officer Anurag Kahol.

“Along with brand damage, remediation costs, legal liabilities, and loss of revenue, these are serious ramifications that must be prevented. 

“Enterprises need a multi-faceted security platform that is designed to monitor user behaviour, secure personal devices, deliver maximum uptime and cost savings, and prevent leakage on any interaction. 

“Only then can they defend against insider threats.”

The Bitglass report comes days after the company announced it had won a US patent for its SAML relay that helps to provide more transparency and real-time access control of cloud services.

SAML, which stands for security assertion markup language, has become popular in recent years as security vendors as an open standard for authentication and authorisation. 

Bitglass designed its SAML relay to allow a cloud access security broker (CASB) to be inserted into the traffic flow between users and cloud services during the login process, all in a transparent manner.

Bitglass CEO Nat Kausik says, “This patent is further recognition that Bitglass is the architect of SAML relay and reverse proxy technology that all CASB vendors have imitated.”

“For organisations that need transparent cloud security, the Bitglass CASB remains the solution of choice. Today, it is a core component of our SASE offering, along with our SmartEdge Secure Web Gateway and our zero trust network access.”

Story image
Got crypto? Pay tax – A quick look at IR's new crypto-asset guidance
Inland Revenue's new guidance aims to provide more certainty for New Zealand taxpayers who hold crypto-assets, and to help people ‘get things right from the start’.More
Story image
Revealed: The behaviours exhibited by the most effective CISOs
As cyber-threats pile up, more is being asked of CISOs - and according to Gartner, only a precious few are 'excelling' by the standards of their CISO Effectiveness Index.More
Link image
Webcast series: The necessary tools to secure a remote workforce
Experts from across the A/NZ region discuss the best security practices in a remote working world - with sessions available on the first Thursday of every month.More
Link image
DevOps teams struggling to achieve enterprise scale - tips for enablement
Christian Oestreich, a senior software engineering leader with experience at multiple Fortune 500 companies, shares how a metrics-driven mindset can dramatically improve software quality and enable DevOps at enterprise scale.More
Story image
Ripple20 threat could affect 35% of all IT environments – ExtraHop
The vulnerabilities have the potential to ‘ripple’ through complex software supply chains, enabling attackers to steal data or execute code.More
Story image
The guide to digital security in unstable times
An increase in vulnerability across different sectors has meant that 2020 has seen more than its fair share of cybersecurity incidents. One of the most effective ways to combat the perils of today’s cyber-threats is to gain a better knowledge of the threat vectors looming over the heads of organisations. More