- Mimecast Report Finds Insider Threats Now Rival Negligence as Top Concern
- Organizations report increase in malicious and careless incidents
- Mimecast urges adaptive controls against internal risks
IT security leaders are now equally concerned about malicious employees as they are about negligent employees, new research claims.
Mimecast recently surveyed 2,500 IT and IT security decision makers in nine countries to learn their biggest security fears, and found that almost half (42%) reported an increase in malicious insider threats year over year, compared to 33% the previous year.
At the same time, the same percentage (42%) of organizations also reported an increase in negligent incidents, and this parity marks a “fundamental shift in enterprise security, where intentional betrayal rivals accidents” as the top security concern.
The most important and underestimated threat
On average, a company will experience six internal incidents each month, costing them $13.1 million per incident, Mimecast explained. Two-thirds (66%) said they expect insider data loss to increase over the next year.
There are numerous ways negligent insiders can harm a business – from sending sensitive data to the wrong email address to using unauthorized cloud-based software. For example, online PDF converters, a very popular tool in the enterprise, often collect data that is uploaded and, in some cases, have also been seen to deliver malware to their users.
Malicious insiders, on the other hand, are usually disgruntled employees and people who were fired. Sometimes they take sensitive data, violating company policy and essentially leaking files (often to competitors). Individuals are sometimes bribed to grant threat actors access to corporate networks.
For Leslie Nielsen, CISO at Mimecast, insider risk has now become “one of the most important and underrated threats,” mainly because insiders are increasingly exploited as entry points.
“Data shows both careless errors and deliberate actions that lead to incidents in equal measure. Instead of trying to manage human behavior, organizations need adaptive controls that identify high-risk actions and adjust protections in real time, creating friction when someone accesses data they shouldn’t, regardless of whether they have valid credentials. As AI makes it easier for insiders to exfiltrate data at scale, security must meet users at the point of risk.”
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
