Intelligent CISO Issue 21 | Page 27

HOW SHOULD BUSINESSES AND ORGANISATIONS PROTECT AGAINST INSIDER THREATS? G urucul, a leader in behaviour-based security and fraud analytics technology for on-premises and the cloud, has announced that nearly half of the companies surveyed for its 2020 Insider Threat Report are unable to remediate insider threats until after data loss has occurred. organisation’s assets both on-premise and in the cloud,” said Craig Cooper, COO of Gurucul. The Cybersecurity Insiders and Gurucul study found that lack of visibility into anomalous activity, especially in the cloud and manual SIEM workloads have increased the risk of insider threats for organisations and prevent many from detecting and stopping data exfiltration. This 2020 Insider Threat Report was produced with the support of Gurucul by Cybersecurity Insiders, the 400,000-member community for information security professionals, to explore how organisations are responding to evolving security threats. Some of the report’s key findings include: • A total of 68% of organisations feel vulnerable to insider attacks • A total of 53% of organisations believe detecting insider attacks has become significantly to somewhat harder since migrating to the cloud • A total of 63% of organisations think that privileged IT users pose the biggest insider security risk to organisations www.intelligentciso.com | Issue 21 “Lack of visibility and legacy SIEM deployments put companies at risk. Insider threat programs that monitor the behaviour of users and devices to detect when they deviate from their baselines using security analytics can provide unmatched detection, risk-based controls and automation.” • Organisations cite lack of resources (31%) and too many false positive alerts (22%) as the biggest hurdles in maximising the value of SIEM technology • Only about one third of organisations are able to detect anomalous behaviour in NetFlow/packet data (35%), service accounts (39%) and cloud resources (30%) “Insider threats are not limited to employees. They extend to contractors, supply chain partners, service providers and account compromise attacks that can abuse access to an Gurucul provides security analytics solutions that can predict, detect and prevent insider threats. The Gurucul Risk Analytics (GRA) platform monitors in real-time the actions performed by users, particularly those with elevated privileges and employees with access to highly sensitive information. GRA looks for behaviours that are outside the range of normal, baselined activities to detect indicators of malicious insiders or external intruders who compromised a user’s account. Download the full report at gurucul. com/2020-insider-threat-survey-report. u 27