Companies have to deal with and prepare for a plethora of security issues at all times, but insider threats, in particular, have become a major concern for companies everywhere.
Because of this growing concern, many working in the IT field will want to learn more about insider threats and what the rest of 2019 may look like in this regard. It can be difficult to predict what the future will hold in such a fast-paced and ever-changing field, but there are a few trends that provide insight into what is going to change this year regarding insider threats.
Here are the key trends—including AI and what it may deliver—that your team should track.
The rate of incidents
Insider threats have long been an issue for companies, but they have only become more prevalent as systems have gotten increasingly interconnected. Some 90% of companies feel that they are vulnerable to insider attacks, according to a study by Cybersecurity Insiders. Because of this, 64% of organizations are now putting their focus on detecting insider threats and preventing attacks from happening, and 86% already have or are working on creating a program to prevent insider attacks.
These numbers show that organizations are becoming increasingly cautious about the potential for insider threats to negatively impact them. This is for good reason, since 53% of the organizations surveyed in the Cybersecurity Insiders' study experienced an insider attack themselves.
Similarly, Verizon’s 2018 Data Breach Investigations Report shows that insider attacks accounted for 28% of all data breaches, an increase of three percentage points over the 2017 report. The increase is much larger in some industries than others. For example, companies in the financial industry saw an increase of 13 points between 2017 and 2018. If this trend continues, then we may very well see another increase in the number of insider attacks in 2019.
[ Also see: The 30 cybersecurity stats that matter most ]
An increasing cost
The rate of insider threats isn't the only thing that may increase this year. The average cost of each insider attack may become larger as well. According to a study by the Ponemon Institute and sponsored by IBM, the average cost in 2016 for insider-related incidents was $4.3 million. By 2018, the average cost for these attacks was $8.7 million. The big takeaway: The average cost for a data breach is trending upwards both in the US and globally.
If this trend continues to hold in 2019, then it’s likely that we will see costs go up even more. This makes it all the more important for organizations to focus their efforts on stopping insider threats before they can cause significant damage.
State-sponsored attacks
2019 may also see a rise in insider attacks that are sponsored by nation-states. These attacks have the potential to be very lucrative for the country sponsoring them, since they can acquire company secrets.
A good example of such an attack was the case, earlier this year, in which one of Apple's engineers was accused of sharing information about the company's autonomous vehicle program with the Chinese government. The engineer was allegedly a malicious insider who was willfully acting on behalf of the Chinese government to steal trade secrets.
However, not all state-sponsored insider attacks are done through willing participants. In 2014, a dozen Nuclear Regulatory Commission personnel became negligent insider threats and gave up potentially sensitive data after falling victim to a phishing attack by a foreign government. (The NRC has since beefed up its insider-threat program.)
State-sponsored insider attacks are increasingly becoming a more prevalent issue for companies everywhere, but especially those in tech, banking, and telecom. As cases like these become more common, we may see a shift toward organizations focusing on stopping state-sponsored insider threats.
Is AI the answer to detecting insider threats?
As more organizations put their focus on insider threats and how to prevent them, many will be trying to figure out the best ways to do this. While damage control is still important for those cases where an attack is already happening, it would be much better to prevent it from happening to begin with.
While there are a few methods for preventing insider attacks that companies are already using—such as having DevOps focus more on security, or using employee monitoring software to keep track of employees' behavior—some organizations are looking into using artificial intelligence (AI) to detect and stop insider threats.
It remains to be seen just how effective AI will be in this role, but it has the potential to be the future of preventing insider threats.
[ Also see: The state of AI and security: Tools emerge to take on adversarial attacks ]
New methods rise to the challenge
Throughout the rest of 2019, expect to see more focus on detecting and preventing insider threats, as their frequency and cost continue to increase. More companies will invest more effort to prevent them before they happen. State-sponsored insider attacks in particular will become more of a focus for organizations everywhere, since they will likely continue to rise in prevalence as well.
In general, organizations will be looking into any new methods they can in order to prevent these devastating attacks. These methods will most likely include leveraging machine learning to help detect potential insider threats before they can cause damage. Companies will also, no doubt, implement more traditional methods, such as employee monitoring and training.
One thing is for sure: Insider threats continue to be a threat for organizations all over the globe, and 2019 won’t be any different in this regard. Insider threat prevention is more important than ever.
Keep learning
Learn from your SecOps peers with TechBeacon's State of SecOps 2021 Guide. Plus: Download the CyberRes 2021 State of Security Operations.
Get a handle on SecOps tooling with TechBeacon's Guide, which includes the GigaOm Radar for SIEM.
The future is security as code. Find out how DevSecOps gets you there with TechBeacon's Guide. Plus: See the SANS DevSecOps survey report for key insights for practitioners.
Get up to speed on cyber resilience with TechBeacon's Guide. Plus: Take the Cyber Resilience Assessment.
Put it all into action with TechBeacon's Guide to a Modern Security Operations Center.
