Maybe someday soon, we’ll see some good news on the cybersecurity front. Not today, though, as the Ponemon Institute’s 2022 Cost of Insider Threats Global Report leaves no doubt that the people inside our organizations are as great a threat as cybercriminals operating in the dark from halfway around the world, if not a greater one.

Here are the most salient findings from Ponemon’s research.

Containment Time has Increased

It took an average of 85 days to contain an insider incident, an increase from 77 days in the previous study. Only 12% of incidents were contained in less than 30 days, and 34% of incidents took greater than 90 days.

Negligence is Mostly to Blame

The negligent insider is the root cause of most incidents. A total of 3,807 attacks, or 56%, were caused by employee or contractor negligence, costing on average $484,931 per incident. This could be the result of a variety of factors, including not ensuring their devices are secured, not following the company’s security policy, or forgetting to patch and upgrade.

Malicious Insiders Continue to Wreak Havoc

Malicious insiders caused 26% of incidents, or 1,749, at an average cost per incident of $648,062. Malicious insiders are employees or authorized individuals who use their data access for harmful, unethical, or illegal activities. Because employees are increasingly granted access to more information to enhance productivity in today’s work-from-anywhere workforce, malicious insiders are harder to detect than external attackers or hackers.

Credential Theft is Skyrocketing

Credential theft incidents have almost doubled since the last study. At an average of $804,997 per incident, credential theft is the costliest to remediate. The intent of the credential thief is to steal users’ credentials that will grant them access to critical data and information. A favorite technique for many of these credential thieves is social engineering attacks, primarily phishing. A total of 1,247 incidents – or 18% of incidents – involved stolen credentials.

More Companies are Experiencing Insider Incidents

The share of companies experiencing frequent insider incidents has increased significantly. According to the 2022 research, 67% of companies are experiencing between 21 and more than 40 incidents per year. This is up from 60% of companies in 2020 and 53% in 2018.

The Business Impact is Severe

Disruption or downtime and investment in technologies represent the most significant costs when dealing with insider threats. The two largest costs are the impact of business disruption because of diminished employee productivity (23% of total cost) and technology, which includes the amortized value and licensing for software and hardware that are deployed in response to insider-related incidents (21%).

Containment Costs Lead the Way

Companies spend the most on containment of the insider security incident. An average of $184,548 is spent to contain the consequences of an insider threat. The lowest average costs are for escalation ($32,228) and for monitoring and surveillance ($35,080). Incidents that took less than 30 days to contain had the lowest average annual cost of activities at $11.23 million. In contrast, the average annual activity cost for incidents that took more than 90 days is $17.19 million.

Insider Incidents are Costliest in North America

North American companies are spending more than the average cost on activities that deal with insider threats. The total average cost of activities to resolve insider threats over a 12-month period is $15.38 million. Companies in North America experienced the highest total cost at $17.53 million. European companies had the next highest cost at $15.44 million.

Financial Services are Hit Hardest

Financial services and services organizations have the highest average activity costs. The average activity cost is $21.25 million for financial services and $18.65 million for services. Service organizations represent a wide range of companies including accounting, consultancy, and professional service firms.

The Larger the Company, the Harder the Hit

Organizational size affects the cost per incident. The annual cost of incidents varies according to organizational size. Large organizations with a headcount of more than 75,000 spent an average of $22.68 million over the past year to resolve insider-related incidents. To deal with the consequences of an insider incident, smaller-sized organizations with a headcount below 500 spent an average of $8.13 million.

How to Prevent Insider Attacks

Minimizing the risk of insider attacks is easy; simply install USB port locks into all computer ports. This one step makes it impossible for someone to connect a USB flash drive, external hard drive, or other removable media to a desktop, laptop, or network.

The cost of locking computer and network ports is minimal – especially when compared to the average cost of a data breach, which is now a staggering $11.45 million, according to Ponemon Institute’s recent Cost of a Data Breach Study.

USB port locks, network module locks, LAN cable locks, and secure USB hubs for your attached USB devices are inexpensive devices that can physically secure your data perimeter and protect your endpoints not only from malicious insider attacks, but also from innocent and unwary employees who use their office computer to charge their infected mobile phone, triggering an event that takes down the entire network.