- The Mimecast report finds that insider threats now rival negligence as the top concern
- Organizations are reporting increasing malicious and careless incidents
- Mimecast encourages adaptive controls against insider risks
IT security managers are now as concerned about malicious insiders as they are about negligent employees, new research has claimed.
Mimecast recently polled 2,500 IT security and IT decision makers in nine countries to learn about their biggest security fears, and found that nearly half (42%) reported an increase in malicious insider threats year-over-year, up from 33% the year before.
At the same time, the same percentage (42%) of organizations also reported an increase in negligent incidents, and this parity marks a “fundamental shift in enterprise security, where intentional betrayal competes with accidents” as a primary safety concern.
Most consequential and underrated threat
On average, a company will experience six insider incidents each month, costing them $13.1 million per incident. incident, Mimecast further explained. Two-thirds (66%) said they expect insider-related data loss to increase over the next year.
There are numerous ways careless insiders can harm a company: from sending sensitive data to the wrong email address to using unapproved cloud-based software. For example, online PDF converters – a very popular tool in the enterprise – often harvest the data they upload, and in some cases they were also seen delivering malware to their users.
Malicious insiders, on the other hand, are often disgruntled employees and people who have been laid off. Sometimes they take sensitive data with them, break company policy and leak files (often to competitors). On some occasions, people will be bribed to allow threat actors access to the company’s network.
For Mimecast CISO Leslie Nielsen, insider risk has now become “one of the most consequential and underestimated threats,” mostly because insiders are increasingly being exploited as entry points.
“The data shows both careless mistakes and deliberate actions driving incidents just as much. Instead of trying to manage human behavior, organizations need adaptive controls that identify high-risk actions and adjust protections in real time, creating friction when someone accesses data they shouldn’t, regardless of whether they have valid credentials. As AI makes it easier for users to meet risk, security at risk must scale.”
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
