Research from LogRhythm Reveals True Scale of the Insider Threat
Maidenhead, 07 April 2011 – [LogRhythm], the company that makes log data useful, has today released research demonstrating how likely UK employees are to either maliciously or accidentally disclose confidential information about their employers to unauthorised personnel. The survey of 3000 UK workers, conducted by OnePoll, revealed that 37 percent of people have shared privileged company information with their friends and family, while 21 percent of laptop/desktop owning respondents stated they transferred company data to their personal computer, even though more than half of these devices – 58 percent – were shared with, or could at least be accessed by, other people. Smartphone users also present a risk, with 14 percent admitting they transfer work data to their personal handsets.
Perhaps influenced by the ongoing Wikileaks saga, the research also showed that many employees would leak company information to the media if they thought their employee was acting immorally or illegally, with 26 percent willing to become whistleblowers. A further 34 percent stated they would report this activity to the police. When asked about scale of the security risk posed by employees, 82 percent of respondents stated that they believed the insider threat to be equal to or greater than the threat posed to organisations by external hackers.
“This research shows that there are many ways in which security breaches can occur, regardless of the insider’s intentions,” said Ross Brewer, vice president and managing director, international markets, LogRhythm. “In transferring information to a personal laptop or smartphone, an insider is putting that information at risk of misuse. It need not be deliberate action but simply carelessness that does the damage. Moreover, the willingness of employees to gossip about confidential information with their friends and families, and even to deliberately disclose information to non-colleagues, shows that organisations should be very concerned about the information they make available to insiders.”
The survey also suggests that the security risks posed by employees may worsen in the future, as workers between the ages of 18 and 24 were routinely the worst offenders. They are more likely to transfer confidential information to external devices, particularly to smartphones where figures were 10 percent higher than average at 24 percent. This group was also more likely to share information with friends and family, with 40 percent doing so.
“Despite the readiness of some of those surveyed to reveal confidential information about their organisations, many of those same people also believe that stricter rules need to be enforced and are concerned about treatment of their own information,” continued Brewer. “65 percent of those surveyed worry that their personal data might be misused by banks, shops, local councils or other organisations they interact with. Judging by the risks they themselves take with their own employers’ intellectual property, they are probably right to be nervous.”
When asked about how easy it was to access company secrets, 19 percent reported that there was no policy restricting access to information on the company network, while a further 15 percent said that although there was a policy, it was still possible for unauthorised people to access privileged content. Support for more stringent security procedures was high, with 63 percent favouring strictly enforced policies to prevent unauthorised staff from accessing data, 60 percent advocating disciplinary action for staff in breach of the rules and 52 percent backing the use of technology to monitor access to restricted files.
“While stricter policies and disciplinary action may deter some staff, it is only by continually monitoring networks that organisations can detect anomalous activity and minimise the risks of leaks occurring in the first place,” said Brewer. “For example, deploying a Protective Monitoring system that enables the analysis of log data in real-time means that if a leak were to occur, it would be detected and dealt with straight away. This is vital for minimising the significant reputational and financial damage that can occur as a result of a security breach.”
LogRhythm is a world leader in NextGen SIEM, empowering organizations on six continents to successfully reduce risk by rapidly detecting, responding to and neutralizing damaging cyberthreats. The LogRhythm platform combines user and entity behavior analytics (UEBA), network traffic and behavior analytics (NTBA) and security automation & orchestration (SAO) in a single end-to-end solution. LogRhythm’s Threat Lifecycle Management (TLM) workflow serves as the foundation for the AI-enabled Security Operations Center (SOC), helping customers measurably secure their cloud, physical and virtual infrastructures for both IT and OT environments. Built for security professionals by security professionals, the LogRhythm platform has won many accolades, including being positioned as a Leader in Gartner’s SIEM Magic Quadrant.