HOW SHOULD BUSINESSES AND ORGANISATIONS PROTECT AGAINST INSIDER THREATS?
Gurucul, a leader in behaviour-based security and fraud analytics technology for on-premises and the cloud, has announced that nearly half of the companies surveyed for its 2020 Insider Threat Report are unable to remediate insider threats until after data loss has occurred.
The Cybersecurity Insiders and Gurucul study found that lack of visibility into anomalous activity, especially in the cloud, and manual SIEM workloads have increased the risk of insider threats for organisations and prevent many from detecting and stopping data exfiltration.

This 2020 Insider Threat Report was produced with the support of Gurucul by Cybersecurity Insiders, the 400,000-member community for information security professionals, to explore how organisations are responding to evolving security threats. Some of the report’s key findings include:

• A total of 68% of organisations feel vulnerable to insider attacks
• A total of 53% of organisations believe detecting insider attacks has become significantly to somewhat harder since migrating to the cloud
• A total of 63% of organisations think that privileged IT users pose the biggest insider security risk to organisations
• Organisations cite lack of resources (31%) and too many false positive alerts (22%) as the biggest hurdles in maximising the value of SIEM technology
• Only about one third of organisations are able to detect anomalous behaviour in NetFlow/packet data (35%), service accounts (39%) and cloud resources (30%)

“Lack of visibility and legacy SIEM deployments put companies at risk. Insider threat programs that monitor the behaviour of users and devices to detect when they deviate from their baselines using security analytics can provide unmatched detection, risk-based controls and automation.”

“Insider threats are not limited to employees. They extend to contractors, supply chain partners, service providers and account compromise attacks that can abuse access to an organisation’s assets both on-premise and in the cloud,” said Craig Cooper, COO of Gurucul.

Gurucul provides security analytics solutions that can predict, detect and prevent insider threats. The Gurucul Risk Analytics (GRA) platform monitors in real-time the actions performed by users, particularly those with elevated privileges and employees with access to highly sensitive information.

GRA looks for behaviours that are outside the range of normal, baselined activities to detect indicators of malicious insiders or external intruders who compromised a user’s account.

Download the full report at gurucul.com/2020-insider-threat-survey-report.

www.intelligentciso.com | Issue 21