More than half of security incidents caused by insiders in 2021

According to Imperva, a staggering 70% of EMEA organizations do not have an insider risk strategy, despite employees being the direct or indirect cause of most data security incidents in the past year.

The security vendor commissioned Forrester to interview more than 150 security and IT professionals in the region as part of a broader survey: Insider threats drive improvements in data protection.

It found that insider threats caused 59% of sensitive data incidents in the past 12 months. This follows an earlier Imperva analysis of the top breaches over the past five years, which found that a quarter (24%) were caused by human error or compromised credentials.

Imperva defines an insider threat as coming from “inappropriate use of legitimate authorized user accounts” by either their rightful owners or a threat actor who has managed to compromise them.

The largest number of respondents to the Forrester survey cited a lack of budget (39%) and internal expertise (38%) as reasons for not prioritizing insider risk. However, nearly a third (29%) said they did not see employees as a major threat, and a similar number (33%) cited internal barriers, such as a lack of corporate sponsorship.

Staff training (65%), manual employee activity monitoring (50%) and encryption (47%) are the most common tactics to protect against insider threats in EMEA, the report found.

However, these tactics appear to have limited impact: 56% of respondents claimed that their end users had found ways to circumvent data protection policies.

“Internal threats are difficult to detect because internal users have legitimate access to critical systems, making them invisible to traditional security solutions such as firewalls and intrusion detection systems. The lack of understanding of insider threats poses a significant risk to the security of the organization’s data,” said Imperva AVP of Northern Europe, Chris Waynforth.

“An effective insider threat detection system needs to be diverse and combine different tools to not only monitor insider behavior, but also filter the high volume of alerts and eliminate false positives.”

Imperva recommended that organizations create a dedicated function to handle risk from within and follow the principles of zero trust when building their programs.
