- Mimecast report finds insider threats now rival negligence as top concern
- Organizations Report Increase in Malicious and Reckless Incidents
- Mimecast recommends adaptive controls against insider risks
IT security leaders now worry as much about malicious insiders as they do negligent employees, according to a new study.
Mimecast recently surveyed 2,500 IT security leaders and decision makers across nine countries to learn their biggest security fears. Nearly half (42%) reported a year-over-year increase in malicious insider threats, up from 33% the year before.
At the same time, the same percentage (42%) of organizations also reported an increase in incidents of negligence, and this parity marks a “fundamental shift in enterprise security, where intentional betrayal rivals accidents” as the top security concern.
The most serious and underestimated threat
On average, a company will experience six internal incidents each month, costing the company $13.1 million per incident, Mimecast said. Two-thirds (66%) say they expect internal data loss to increase over the next year.
There are many ways for careless insiders to harm a company: from sending sensitive data to the wrong email address to using unauthorized cloud software. For example, online PDF converters – a very popular tool in businesses – often harvest the data they upload and, in some cases, have also been seen delivering malware to their users.
Bad insiders, on the other hand, are often disgruntled employees or people who have been fired. Sometimes they will take sensitive data with them, violating company policy and essentially leaking files (often to the competition). In some cases, people will be bribed to allow bad actors access to corporate networks.
For Mimecast CISO Leslie Nielsen, insider risk has now become “one of the most significant and underappreciated threats,” primarily because insiders are increasingly being exploited as entry points.
“Data shows both careless errors and deliberate actions that drive incidents in equal measure. Rather than trying to manage human behavior, organizations need adaptive controls that identify high-risk actions and adjust protections in real time, creating friction when someone accesses data they shouldn’t, whether or not they have valid credentials. As AI makes it easier for insiders to exfiltrate data data at scale, security must respond to users at the point of risk.
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
