Securing an organization’s sensitive data is hard, especially when the danger comes from within. A careless coworker may insecurely share credentials, an intruder may compromise an account, or a malicious insider may misuse their access rights. According to the 2020 Cost of Insider Threats Report [PDF] by IBM, 60% of organizations experienced more than 20 insider-related incidents in 2019. One promising solution to prevent insider threats is user and entity behavior analytics (UEBA).
While organizations are spending a good deal of money protecting their data against unauthorized access from the outside, malicious insiders may pose no less harm. According to the 2021 Data Breach Investigation Report [PDF] by Verizon, 36% of all data breaches experienced by large organizations in 2020 were caused by internal actors. For small and midsize businesses, it was 44%.
Insider threats remain one of the biggest issues plaguing cybersecurity. A study by Ponemon shows that the costs of insider threats leaped 31% in just two years, from $8.76 million in 2018 to $11.45 million in 2020. The same report shows that it takes companies an average of 77 days to contain an insider threat incident. Forrester predicts that insider threats will cause 31% of data breaches by the end of 2021, up from 25% in 2020.
The escalation in cybersecurity breaches as seen in 2020 has continued well into 2021. According to Verizon’s 2021 DBIR , so far they have looked into 29,207 incidents worldwide. These incidents boiled down to 5,258 confirmed data breaches. An analysis of these breaches shows: Many of these breaches were financially motivated, targeting sensitive data that can be easily monetized and lucratively too. Human negligence, consistent with previous years, was the biggest threat to security.
A slew of recent changes, particularly the massive shift to remote work following the pandemic, has rapidly redefined the cybersecurity threatscape. In the new cyber normal, organizations face the security dilemma of keeping existing tools versus adopting solutions to protect them against today's threats.