Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Insider threats take centre stage

Issue 7 2023 Information Security


John Mc Loughlin.

J2 Software, a DTEX Systems partner, has emphasised the inadequacy of current cybersecurity budgets in addressing the core cause of data breaches; insider risks. A recent survey revealed that 58% of organisations believe their budgets allocated to manage insider risks are insufficient to effectively mitigate the increasing costs and frequency of security incidents instigated by individuals within the organisation.

DTEX Systems, in collaboration with the Ponemon Institute, unveiled the 2023 Cost of Insider Risks Global Report. This independent study disclosed a 40% rise over four years in the average annual cost of insider risks, now totalling $16,2 million. Concurrently, the average duration to contain an insider incident has surged to 86 days.

J2 Software CEO, John Mc Loughlin, says that in addition to scrutinising the financial implications of insider security incidents, this year’s study sheds light on how organisations are funding their insider risk programmes. “The research highlights that nearly half (46%) of organisations are planning to bolster their investment in insider risk programs in 2024. Moreover, an overwhelming 77% of organisations have either initiated or are in the process of implementing an insider risk programme.”

As defined by research analyst Gartner, insider risk management encompasses “the tools and capabilities to measure, detect and contain undesirable behaviour of trusted accounts within the organisation.”

Mc Loughlin adds, “Despite the rising costs associated with insider risks, a substantial 88% of organisations allocate less than 10% of their total IT security budget towards managing these internal threats. Organisations boast an IT security budget averaging $2437 per employee, with a mere 8,2% ($200 per employee) designated specifically for insider risk programs and policies.”

Symptom management

DTEX Systems CTO, Rajan Koo emphasised that these findings underscore a diversion of budgets towards reactive ‘symptom management’ despite mounting evidence that the root cause lies within the human factor, represented by insider risks.

“The findings illuminate that insiders, manifesting as insider risks, are the primary cause of data breaches, including those stemming from social engineering. This highlights a pervasive misunderstanding of the various forms of insider risks and the failure to proactively safeguard customer data and intellectual property,” he added.

The 2023 Cost of Insider Risks Global Report offers a comprehensive analysis to comprehend the financial ramifications of insider risks, stemming from either negligent or inadvertent employees, outsmarted employees (including insider incidents linked to credential theft), or malicious insiders.

Dr Larry Ponemon, Chairman and Founder of the Ponemon Institute, commented, “Our goal in conducting this research is to create awareness of the significant costs incurred when employees are negligent, outsmarted or malicious in the handling of an organisation’s sensitive data.”

“We believe this study is unique because it analyses the costs based on the type of insider, the time it takes to contain the incident and the technologies that are most effective in reducing the costs. Such information is beneficial in creating a strategy to deal more effectively with the insider risk while reducing the costs.”

Key findings of the 2023 Cost of Insider Risks Global Report include:

• The average annual cost of an insider risk has risen 40% over four years to $16,2 million, up from $15,4 million in 2022.

• The average number of days to contain an insider incident in 2023 has increased to 86 days. The longer it takes to respond, the higher the cost ($18,33 million for incidents that take more than 91 days to contain).

• Organisations are spending less than 10% of their IT security budget on insider risk management. Organisations had an average IT security budget of $2437 per employee, yet only 8,2% (equivalent to $200 per employee) was allocated specifically to insider risk management programs and policies.

• Most insider risk budget is spent after an insider incident has occurred. Only 10% of insider risk management budget (averaging $63 383 per incident) was spent on pre-incident activities: $33 596 on monitoring and surveillance, and $29 787 on ex-post analysis (this includes activities to minimise potential future insider incidents and steps taken to communicate recommendations with key stakeholders). The remaining 90% (averaging $565 363 per incident) was spent on post-incident activity cost centres: $179 209 on containment, $125 221 on remediation, $117 504 on investigation, $113 635 on incident response, and $29 794 on escalation.

• Insider risk programme funding is set to increase. Despite the fact that most organisations allocate an average of 8,2% of their IT security budgets to insider risk programs, 58% view current spending as inadequate and 46% expect funding to increase in the next year. Seventy-seven percent of organisations have started or are planning to start an insider risk programme.

• Non-malicious insiders cause most insider incidents. 75% percent of respondents said the most likely cause of insider risk is non-malicious; a negligent or mistaken insider (55%), or an outsmarted insider who was exploited by an external attack or adversary (20%).

• More than half of non-insider attacks are caused by social engineering. Fifty-three percent of organisations said social engineering (including phishing, pretexting and business email compromise) was a leading cause of non-insider or external attacks.

• Financial services and service organisations have the highest average activity costs. The average activity cost for financial services is $20,68 million, and services (including accountancy, consultancy and professional services firms) are $19,09 million.

• Top-down support is the gold standard. Among organisations that have, or plan to have, a dedicated insider risk programme, 52% report that top-down support and championing of the programme (e.g., an insider risk steering committee) is a key feature. Fifty-one percent have a dedicated cross-functional team from legal, human resources, line of business and IT security.

• AI/ML is essential to insider risk management. One-third of organisations view artificial intelligence and machine learning as essential to the prevention, investigation, escalation, containment and remediation of insider incidents, while 31% view it as very important.

For more information, contact J2 Software, +27 11 794 1096, john@j2.co.za, www.j2.co.za




Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

95% do not have full trust in cybersecurity vendors
Information Security Security Services & Risk Management
Trust in cybersecurity vendors is fragile, difficult to measure, and increasingly shaping risk posture at both operational and board levels. Lack of verifiable transparency undermines cybersecurity decision-making, according to Sophos-backed research.

Read more...
Africa’s largest Zero Trust platform
NEC XON Information Security Commercial (Industry)
Africa has reached a significant cybersecurity milestone with the successful deployment of the continent’s largest Palo Alto Networks Prisma Access and Prisma Access Browser Zero Trust environment, supporting secure remote access for more than 40 000 users for a large enterprise in Africa.

Read more...
Supply chain attacks top threat over 12 months
Information Security
Supply chain attacks have become the most prevalent cyberthreat confronting businesses over the past year, according to a new Kaspersky global study, with nearly one-third of companies worldwide experiencing a supply chain threat in the past year.

Read more...
From vibe hacking to flat-pack malware
Information Security AI & Data Analytics
HP issued its latest Threat Insights Report, with strong indications that attackers are using AI to scale and accelerate campaigns, and that many are prioritising cost, effort, and efficiency over quality.

Read more...
NEC XON secures mobile provider’s hybrid identities
NEC XON Access Control & Identity Management Information Security Commercial (Industry)
For a leading South African telecommunications operator, identity protection has become a strategic priority as identity-centric attacks proliferate across the industry. The company faced mounting pressure to secure both human and non-human identities across complex hybrid environments.

Read more...
Microsoft 365 security is a ticking time bomb
Information Security
Across boardrooms and IT departments, a dangerous assumption persists that because data is stored in Microsoft 365 and Azure, it is automatically secure. This belief is fundamentally flawed and fosters a false sense of protection.

Read more...
Rise in malicious insider threat reports
News & Events Information Security
Mimecast Study finds 46% of SA organisations report a rise in malicious insider threat reports over the past year: reveals disconnect between security awareness and technical controls as AI-powered attacks accelerate.

Read more...
New campaign exploiting Google Tasks notifications
News & Events Information Security
New phishing scheme abuses legitimate Google Tasks notifications to trick corporate users into revealing corporate login credentials, which can then be used to gain unauthorised access to company systems, steal data, or launch further attacks.

Read more...
Making a mesh for security
Information Security Security Services & Risk Management
Credential-based attacks have reached epidemic levels. For African CISOs in particular, the message is clear: identity is now the perimeter, and defences must reflect that reality with coherence and context.

Read more...
What’s in store for PAM and IAM?
Access Control & Identity Management Information Security
Leostream predicts changes in Identity and Access Management (IAM) and Privileged Access Management (PAM) in the coming year, driven by evolving cybersecurity realities, hybridisation, AI, and more.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.