If you keep up with the news then there is a very good chance that recent data breach reports may leave you feeling that the biggest risk to your organisation is external, coming from hackers, hacktivists and maybe even intelligence agencies. But you shouldn’t forget that some risks are closer at hand. Internal threats can potentially pose just as big a risk and, according to a new report issued today by the Raytheon Company, many organisations struggle to manage those threats. The report highlights how personnel with access to privileged data such as corporate secrets, intellectual property, personnel files and health records, frequently place that information in harm’s way. Focusing on what it terms ‘the human factor’, the Privileged User Abuse and Insider Threat paper discovered that individuals who the highest level of network access within an organisation are often afforded access to areas and data that go way beyond the needs of their own job roles and responsibilities. Jack Harrington, vice president of Cybersecurity and Special Missions, Raytheon Intelligence Information and Services said:

“The results of this survey should serve as a wakeup call to every executive with responsibility for protecting company or customer sensitive data. While the problem is acutely understood, the solutions are not.”

The report, conducted by the Ponemon Institute, identified 693 of the respondents as ‘privileged users’, including infosec personnel, network engineers, database administrators and cloud custodians. The key findings based upon their responses include these interesting facts:

• 88% of the respondents recognise that insider threats are a risk but they have difficulty in recognising such actions when they occur
• Sixty-nine percent of those surveyed stated that the security tools employed by their organisation were not sufficient to determine the intent behind reported incidents
• 65% of survey respondents indicated that curiosity alone, rather than specific work-related need, drove them to access sensitive or confidential data
• 59 percent of privileged users stated that the tools they use to detect insider threats produce too many false positives
• Forty-seven percent thought that an inside attack would likely be instigated via social engineering to obtain another employee’s access rights. This compares with 21% who thought the same in a 2011 survey
• An almost identical number – Forty-five percent – thought that an external attack would use social engineering to target privileged users to obtain their access rights.

The last point prompted Harrington to say that:

“Even a well-intentioned, seasoned, privileged user with wide access to a network poses great risks because they are high-value targets to corporate ‘hacktivists’ and persistent adversaries eager to penetrate a company’s defenses.”

The survey also asked respondents to comment on what they felt were the biggest risks posed by privileged users. The main responses were:

• 59 percent thought that general business information was at risk
• 49% say customer information is most at risk due to a lack of access controls over privileged users
• Fifty-seven percent believe that organisations should employ more background checks before issuing privileged credentials
• Only 40% of the respondents reported having a budget dedicated to the mitigation of insider threats, leaving many (72%) with only existing and unsuitable tools available with which to limit the risks to their business

Harrington commented that:

“The goal of this survey is to not only share current insider threat statistics but to educate organizations on their privileged users and the threats and attacks that can happen because of the access they own. If a privileged user wants to do bad things, their elevated access to the company network makes it easier for them.”

What are you doing to mitigate the threat posed by the people within your own organisation?