The Key Benefits of Real-Time Active Defense Against Insider Threats

Many enterprises are leaving themselves vulnerable to insider attacks by relying on traditional file storage systems and perimeter-based approaches. These tactics do little to prevent internal threats. For many years, enterprise leaders assumed employees with the appropriate credentials could be trusted with access without having to reauthorize themselves, but internal vulnerabilities have grown as data increasingly migrates to cloud storage. Without active defense and Zero Trust in place, enterprises cannot effectively stop insider threats in real time.

The Cost of Insider Threats

Although many organizations are rightfully concerned with preventing ransomware attacks, insider threats present a critical vulnerability that can’t be overlooked. Internal cyber risks include negligent or reckless employees and contractors, workers with malicious intent and credential thieves. Research from the Ponemon Institute revealed insider threats have increased in both number and cost, with credential theft nearly doubling since 2020. These incidents are the most costly to resolve. The report also found:

  • 56% of insider incidents were the result of negligence, costing an average of $484,931 per incident
  • The annualized cost for negligence-driven insider threats is $6.6 million
  • The average number of days to contain an insider incident is 85
  • Corporate email is where the majority of employees’ personally identifiable information (PII), intellectual property (IP) and other business critical data resides

The motivation behind insider threats depends on organizational size, industry and IT infrastructure. Behavioral insider threat indicators can include attempting to bypass security protocols, violating company policies and frequently being in the office after hours. While negligence can arise from lack of understanding of cybersecurity procedures or complications from remote work, malicious insiders may be disgruntled employees. Monitoring suspicious user behaviors, such as logins from unusual locations or at strange times, copying large amounts of information and accessing systems for the first time, can make insider threats easier to uncover. Malicious insider threats can come from every level of access.
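The monitoring signals listed above (unusual login locations, strange times, large copies and first-time system access) can be written as per-user baseline checks. The following is an added example, not code from the original article or from any product it mentions; the event fields, working-hours window and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample audit events (not from any real system):
# (timestamp, user, source country, system, bytes copied)
EVENTS = [
    ("2024-03-04T09:12:00", "alice", "US", "fileshare", 4_000_000),
    ("2024-03-05T10:40:00", "alice", "US", "fileshare", 6_500_000),
    ("2024-03-06T14:05:00", "alice", "US", "fileshare", 5_200_000),
    ("2024-03-07T02:31:00", "alice", "RO", "hr-db", 900_000_000),
    ("2024-03-04T08:55:00", "bob", "US", "fileshare", 2_000_000),
    ("2024-03-05T09:20:00", "bob", "US", "fileshare", 2_400_000),
]

WORK_HOURS = range(7, 20)   # assumed normal working hours, 07:00-19:59
VOLUME_FACTOR = 10          # assumed: flag copies 10x above the user's mean
MIN_HISTORY = 3             # events needed before the baseline is trusted


def flag_events(events):
    """Return [(timestamp, user, [reasons])] for events that deviate from
    each user's own history. Events must be in chronological order."""
    seen_countries = defaultdict(set)
    seen_systems = defaultdict(set)
    volumes = defaultdict(list)
    alerts = []
    for ts, user, country, system, nbytes in events:
        reasons = []
        history = len(volumes[user])
        if history >= MIN_HISTORY:
            if country not in seen_countries[user]:
                reasons.append("unusual location")
            if system not in seen_systems[user]:
                reasons.append("first access to system")
            mean = sum(volumes[user]) / history
            if nbytes > VOLUME_FACTOR * mean:
                reasons.append("large copy volume")
        if datetime.fromisoformat(ts).hour not in WORK_HOURS:
            reasons.append("off-hours activity")
        if reasons:
            alerts.append((ts, user, reasons))
        # Update the baseline after scoring so an event never vouches for itself.
        seen_countries[user].add(country)
        seen_systems[user].add(system)
        volumes[user].append(nbytes)
    return alerts

if __name__ == "__main__":
    print(*flag_events(EVENTS), sep="\n")
```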

In addition, there has been a sharp rise in threats from super malicious insiders: employees who leverage sophisticated techniques such as data obfuscation (obscuring data’s meaning) and exfiltration (unauthorized data transfers) to exploit data. Because many of these users are IT professionals who have advanced training in cybersecurity provided by their companies, they are able to circumvent standard safety procedures while appearing not to waver from their daily routines. This can allow super malicious insiders to avoid detection for far longer than insider threats caused by human error or negligence.

How Active Defense Safeguards Primary File Data

Ponemon reports that as of 2022, the total cost of insider threat incidents recorded is $15.4 million. With internal and external threats making data more vulnerable than ever, real-time active defense ensures organizations’ sensitive information is protected. Active defense instantly reports on which files were accessed, automatically maintains immutable copies of files for rapid recovery, and alerts security and IT infrastructure team members immediately. Implementing data-centric Zero Trust principles within a security architecture helps stop insider threats. By evaluating trust for each file transaction, every interaction is mediated, logged and analyzed.

BrickStor SP brings active security capabilities and high-performance data storage together to offer data-centric Zero Trust for primary file storage as well as backups and archives. It actively evaluates trust for each file interaction based on user account, client IP, file activity and other behavioral indicators to provide increased visibility. BrickStor SP is the only all-in-one solution for real-time data governance and data-centric Zero Trust. Other solutions require the integration of multiple applications and servers, which negatively affects performance and potentially means threats can go undetected for days or weeks. When BrickStor SP detects irregular or malicious activity, it alerts security teams and stops the user from accessing or manipulating any files until the behavior is investigated and mitigated.

To learn more about BrickStor SP’s active defense capabilities, contact RackTop today.
