A new study from The Ponemon Institute found that organizations are spending nearly 60% more to recover from insider threats compared to three years ago.
The study involved companies located in North America, Europe, the Middle East, and the Asia-Pacific region. The report found that cybersecurity events caused by insider threats have increased by almost 50% since 2018.
This increase has caused organizations across all industries to increase spending to an average of $11.45 million annually to remediate this negligent and/or malicious insider activity, representing a 60% increase in spending compared to three years ago.
This report splits incidents into three categories of threat:
1. Those caused unintentionally by negligent employees/contractors
2. Those instigated by credential thieves who use insiders' login details to gain unauthorized access to applications and systems
3. Those carried out by criminals and malicious insiders to damage an organization's reputation
The health and pharmaceutical industry reportedly spends $10.81 million each year to recover from security incidents caused by insider threats. Additionally, organizations with more than 75,000 employees reported spending an average of $17.92 million over the past year to recover from these threats, and organizations with fewer than 500 employees spent an average of $7.68 million to safeguard against these attacks.
Financial Services, Energy & Utilities, and Retail were found to be the three most heavily impacted industries. Financial Services has accumulated $14.05 million in losses - a rise of 20% - to remediate insider breaches over the last two years.
Overall, the average cost accumulated by organizations due to careless or negligent insiders stands at $4.58 million a year.
Researchers also found that incidents that take over 90 days to contain cost organizations $13.71 million in losses annually, while incidents that last less than 30 days cost organizations around $7.12 million per year. However, it takes an average of two months to contain an insider threat.
As insider threats continue to increase year after year, it's important that organizations implement real-time prevention solutions like Intrusion Detection and Prevention systems as well as improve employees' security best practices.
Employees being 'over-privileged' in terms of rights and permissions is one of the biggest vulnerabilities found within an organization. For this reason, organizations must ensure that access controls are being strictly enforced.
CIS Control #4 suggests maintaining the principle of least privilege and ensuring that all users with administrative account access use a dedicated or secondary account for elevated activities. In addition, configure systems to issue a log entry and alert when an account is added to or removed from any group assigned administrative privileges.
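One way to implement the log-and-alert check described above, as an added example that is not part of the original article or the Ponemon report. It filters Windows Security events for group-membership changes (event IDs 4728/4729, 4732/4733, 4756/4757); the privileged-group list, the flattened event layout and the sample events are assumptions constructed for illustration.

```python
# Added example: alert when an account is added to or removed from an
# administrative group. The event IDs are the Windows Security log IDs for
# security-enabled group membership changes.
MEMBERSHIP_EVENTS = {
    4728: "added", 4729: "removed",   # global groups
    4732: "added", 4733: "removed",   # local groups
    4756: "added", 4757: "removed",   # universal groups
}

# Assumption: the groups this organization treats as administrative.
PRIVILEGED_GROUPS = {"administrators", "domain admins", "enterprise admins"}


def privileged_group_alerts(events):
    """Return one alert per membership change to a privileged group."""
    alerts = []
    for ev in events:
        action = MEMBERSHIP_EVENTS.get(ev.get("EventID"))
        group = (ev.get("TargetUserName") or "").strip()  # group name field
        if action is None or group.lower() not in PRIVILEGED_GROUPS:
            continue
        member = ev.get("MemberName")
        if member in (None, "", "-"):  # local-group events often log only a SID
            member = ev.get("MemberSid") or "unknown"
        alerts.append({
            "time": ev.get("TimeCreated"),
            "action": action,
            "group": group,
            "member": member,
            "changed_by": ev.get("SubjectUserName") or "unknown",
        })
    return alerts


# Constructed sample events, flattened to the fields used above.
SAMPLE_EVENTS = [
    {"EventID": 4728, "TimeCreated": "2020-02-03T09:14:07Z",
     "TargetUserName": "Domain Admins", "SubjectUserName": "helpdesk01",
     "MemberName": "CN=jdoe,CN=Users,DC=example,DC=com"},
    {"EventID": 4732, "TimeCreated": "2020-02-03T09:20:41Z",
     "TargetUserName": "Remote Desktop Users", "SubjectUserName": "helpdesk01",
     "MemberName": "-", "MemberSid": "S-1-5-21-1111111111-2222222222-3333333333-1104"},
    {"EventID": 4624, "TimeCreated": "2020-02-03T09:21:00Z",
     "TargetUserName": "jdoe"},  # logon event, not a membership change
    {"EventID": 4733, "TimeCreated": "2020-02-03T23:58:12Z",
     "TargetUserName": "Administrators", "SubjectUserName": "svc-backup",
     "MemberName": "-", "MemberSid": "S-1-5-21-1111111111-2222222222-3333333333-1105"},
]

if __name__ == "__main__":
    for alert in privileged_group_alerts(SAMPLE_EVENTS):
        print("ALERT", alert)
```

In production the returned alerts would be forwarded to the SIEM or paging system rather than printed, and the group list would be kept in sync with the directory's actual administrative groups.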