Nowadays, it seems like not a day can pass without us hearing about the newest cyber attack examples. News about data breaches or high-profile cyber terrorism attacks on government or private organizations is constantly popping up in mass media. Cyber crimes keep happening around the world, and there is no doubt in anyone’s mind that they present a prominent issue for companies worldwide.
However, the big question is how the cyber security landscape has changed over the years. Companies keep investing in security and new solutions keep popping up. Does this mean that we are better off now than we were before? What are the actual dynamics of the cyber security landscape? These questions are important because they help us understand where to focus our resources and how many resources we need. Therefore, knowing the latest trends in the field is paramount for effective cyber protection. To help us understand them, let’s look at some cyber security statistics.
Cyber crime statistics paint a somber picture
There is a huge number of cyber attack statistics and various facts about cyber crime available out there. Research is constantly funded by vendors and various independent organizations, providing a plethora of numbers to choose from. All of this data is very consistent in painting a fairly grim picture. Data breaches are becoming more frequent and more expensive, while at the same time, the vulnerability of the average company rises.
While threats that were widely used a couple of years ago, such as spam and malware, are mostly curbed, new ones are emerging, and many organizations are not giving them enough attention. Ransomware, denial of service attacks, and threats related to your own employees, such as phishing and insider attacks, are the new threats that you should be worrying about.
Insider attacks in particular present a much bigger danger in our connected world than they did a couple of years ago. Computer security statistics show that they are the most expensive and take the longest to deal with, and that they happen more frequently, yet many companies are still not employing the proper tools to detect and prevent them. Let’s take a closer look at some key numbers that support these points:
- The number of cyber security incidents keeps increasing at an accelerated pace. The increase in 2015 as compared to 2014 was 38% (source).
- The frequency of insider attacks also keeps increasing, with 62% of security professionals reporting an increase in the number of insider threats over 2014-2015 (source).
- In 2016, 40% of companies expect a data breach caused by malicious insiders (source).
- The top 5 data breaches in US healthcare institutions in 2016 involved data theft, data loss, unauthorized disclosure and email access by malicious insiders (source).
- The estimated global annual cost of malicious cyber activity ranges from US $ 300 B to US $ 1 Trillion (source).
- From 2016 to 2019, global cyber crime costs are expected to greatly increase, reaching US $ 2.1 Trillion (source).
- The US government spent US $ 14 billion on cyber security in 2016, with plans to spend US $ 19 billion in 2017 (source).
- The average cost of a data breach in the US is US $ 154 per record; the average cost per data breach is US $ 3.79 MM (source).
- In the 12 months ending March 2016, the UK saw 3.8 million fraud cases and 2 million cases of computer and data misuse (source).
- Among all cyber crimes, insider threats are the most expensive to deal with. On average, it costs US $ 144 542 to mitigate crimes caused by malicious insiders, while mitigating a denial of service attack costs US $ 126 525, web-based attacks cost US $ 96 424 and phishing attacks cost US $ 85 959 (source).
- Among all insider breaches, 55% are caused by misuse of privileged accounts (source).
- Among all terminated employees, 59% admitted to misusing company data upon termination (source).
- Insider attacks take the longest to resolve. On average, attacks by malicious insiders take 54.4 days to resolve, while malicious code takes 47.5 days, web-based attacks take 27.7 days, and phishing and social engineering take 21.9 days (source).
- According to the Global Economic 2016 survey, only 37% of companies, most of which were financial institutions, have an incident response plan in place, with half of respondents not seeing the need to employ one (source).
While these statistics on cyber crime are scary on their own, they allow us to derive four major facts about insider threats. These cyber security facts, while undeniably true, are not the ones we want to hear.
4 cyber crime facts that should not be ignored
1. Cyber crimes are on the rise and insider threats are no exception.
Despite all the money and effort put into developing cyber security solutions and best practices, the number of cyber crimes per year keeps rising. This is a constant trend and there are several reasons for it. Partly, it is due to a very quick rise in the number of companies out there. The attack surface keeps getting bigger, and so do the potential gains, which attract new perpetrators. Another reason for this rise is the wide availability of the tools and knowledge necessary for a successful computer hack or data breach. All the necessary manuals and technical documentation can be found for free on the internet, not to mention that some sophisticated malware is also widely and freely available for anyone to use.
At the same time, many security specialists also see a substantial rise in the number of insider attacks, with the insider threat getting more prominent every year. As already mentioned above, our connected technologies make it very easy for a tech-savvy insider to access sensitive data and quickly upload it online or carry it all out on a thumb drive small enough to be hidden in a wallet.
But malicious actions are not the only type of insider threat out there. Your employees can leak data inadvertently or become victims of phishing, and these incidents also contribute to the rising threat. As it stands now, employees are a huge security liability for any company, whether they are malicious or not, yet not everybody is taking the necessary steps to deal with it.
2. Insider threats are very costly.
In an effort to provide better and more personalized services, many companies store more data from their clients, driving up the remediation costs of potential breaches. At the same time, consumers are becoming better informed about cyber security and more cautious about their own privacy online. With steep competition in most markets, they will easily take their business elsewhere if it becomes known that your cyber security is not up to snuff, and the same can be said for your business partners. Increasing damage to company reputation and loss of business are also major contributing factors to high remediation costs across the board.
Insider attacks are almost always related to data breaches or misuse of sensitive data regarding your customers or employees, intellectual property, future products, financial or marketing information, etc. In other words, the data that will deal the most damage to your business, should it leak online or fall into the wrong hands. While insider attacks may not be as frequent as malware or spam emails, the sheer remediation costs of such an attack are a good reason in and of themselves to take insider threat protection very seriously.
3. Insider threats are hard to detect and mitigate.
High remediation costs, however, are not what makes insider threats dangerous. What is most worrying is that they are very hard to detect and take a very long time to deal with. Many companies carry on for years without even noticing continuous data breaches by malicious insiders. And once such a breach has been noticed, it can be very difficult to establish exactly what data was compromised, how far back the breach goes and how that data was used.
But what makes detecting insider attacks such a difficult task? The main reason is that your employees not only have legitimate access to the sensitive data, they are required to work with it. This makes it very hard to distinguish data misuse from legitimate work. And with sufficient technical knowledge and level of privileges, employees can easily cover their tracks, alter or delete logs, and disable or bypass built-in monitoring services.
4. Privileged insiders are the most dangerous
Among all potential insider threats, the ones coming from privileged insiders cause the most concern to security specialists worldwide. As already mentioned above, privileged insiders have a much easier time covering their tracks and getting away with it. Moreover, an elevated level of privileges gives them the freedom to conduct many different types of malicious actions: changing critical system settings, using logic bombs and backdoors in order to access sensitive data from home after work or after termination, etc.
However, the real cause for worry lies not in what privileged insiders can do, but rather in how trusted they are. In many companies, users with a high level of privileges are fully trusted by the company leadership, with no restrictions put on their actions and no action monitoring in place. This allows them to easily misuse data without any chance for security to detect it. Action monitoring and thorough protection of privileged accounts are paramount for any reliable security.
How to reverse the situation
With the facts on the table, the question is: what can companies do to establish better computer safety? Cyber security becomes more costly by the minute, and while in this case throwing money at the problem can help to solve it, not every company is ready for such a solution. Luckily, even for smaller companies there are things they can do and cheaper solutions they can employ. Next, we will give you 4 tips that will help you reverse the situation and thoroughly protect your company from insider threats.
Cyber crime is a boardroom problem
Cyber crime is a very complex and layered problem that needs to be tackled at the highest level. Direct involvement of the company leadership will help spend money more effectively, hire better personnel and employ the necessary security solutions. Moreover, direct involvement from the board will provide employees with an example to follow and help better enforce your security policy inside the company.
Educate your employees
The 2014 State of Cyber security survey from PwC states that 42% of business executives think that security education and raising employee awareness play a big role in deterring criminal attacks. Your employees are your biggest security liability, yet at the same time, they can be your biggest asset when it comes to protecting your organization.
By raising cyber security awareness, you make them aware of the importance of the security practices and policies employed in your organization. This will make your employees much more likely to thoroughly follow all the necessary procedures and be more cautious about the security implications of their actions. Moreover, this cultivates a culture of security and a healthy atmosphere in the office, which may deter malicious insiders and may prompt employees to report security violations by their peers, helping you detect insider attacks.
Your employees should be the backbone of your security effort, and truly reliable security starts with educating them on the threats that your company faces and the practices that they should follow.
Invest in insider threat protection solutions
Successful prevention and detection of insider threats requires a specific set of measures and solutions that you should invest in. You should be able to thoroughly protect all privileged accounts inside your company and control access to those accounts, and, more importantly, you should be able to clearly identify the person logging in and get an insight into their actions. Only by fully understanding who uses your sensitive data and how will you be able to fully protect it. This requires investment in user action monitoring solutions, many of which are sadly quite expensive.
While large companies can afford high prices, the SMB segment is often left without options. However, there are action monitoring solutions out there designed with both SMBs and big enterprises in mind. Ekran System in particular offers a flexible licensing scheme and affordable pricing, making it much more cost-effective than the competition, especially for smaller deployments. Yet this affordable price is accompanied by robust functionality, including:
- Full video monitoring of user actions – Ekran System records every user session in an indexed video format, coupled with relevant searchable metadata, such as active window and application titles, keystrokes and visited websites, etc.
- Privileged user monitoring – Ekran System can monitor every user regardless of the level of privilege they have and has the necessary protection, preventing even system administrators from stopping or pausing the recording without authorization. Advanced authentication features help to manage server access.
- Third-party monitoring – Ekran System can monitor third-party subcontractors and service providers, giving you the necessary information to detect any malicious actions on their part. Your third-party partners do not necessarily have the same level of security as you, and monitoring their actions is the best way to protect yourself from any breaches.
- Robust alerts and reports – Ekran System provides customizable alerts and report functionality, allowing you to quickly and conveniently review the necessary data for a given period of time, and receive automatic real-time notifications upon suspicious events.
- Virtualization-ready – automatic license provisioning makes Ekran System very convenient and cost-effective for virtual environments.
With new cyber security threats emerging every day, a slow reaction can be fatal in the modern business world. A data breach will not only be a huge financial and reputational hit for your company, it will be a field day for your competition, which will immediately use the situation to gain the upper hand. In order to thoroughly prevent it, you need to strengthen your overall security posture, and cyber crime facts and statistics clearly show that insider threat detection and prevention should be a necessary part of this process.