This year, many diverse types of insider threat incidents hit organizations, calling attention to the need for more effective insider threat management strategies.
For example, this spring, Suntrust experienced a malicious insider threat incident caused by a former employee allegedly stealing customer contact lists. Over the Fourth of July holiday, Timehop experienced a credential theft incident targeting a privileged user, which gave the attacker access to a sensitive cloud infrastructure account.
Instead of hiding in a bunker, which would be a natural reaction, being aware of upcoming insider threat trends could help your team prepare for what’s ahead in 2019. (Side note: If you want to see what we predicted for 2018, check out our retrospective post.)
Without further ado, here are our insider threat predictions for 2019:
More organizations will create dedicated insider threat roles or divisions.
Let’s start with the good news. According to US CERT, having a formalized insider threat program can help convene departments from across the organization to effectively detect and prevent insider threats.
We predict that more organizations will be hiring dedicated insider threat roles to manage these insider threat programs, which will include cybersecurity awareness and insider threat training as strong focus points of the role.
If the number of job listings containing the phrase “insider threat” is any indicator, more organizations will look to develop a dedicated practice to proactively manage insider threats within their cybersecurity department.
The methods for data exfiltration will become more diverse.
The proliferation of SaaS applications across businesses of all sizes is giving insiders more ways to exfiltrate data. According to Blissfully, this trend shows no signs of slowing down, with SaaS spending expected to double by 2020.
Savvy, malicious insiders will take advantage of multiple new channels to exfiltrate data and hide their tracks (including collaboration platforms, cloud storage, email, IM, SaaS apps, and more). The ease-of-use of new apps will cause a spike in accidental insider threat incidents, as well, due to poor account security best practices (such as weak or re-used passwords, lack of multi-factor authentication, or open sharing settings).
The time to investigate insider threat incidents will decrease.
With the introduction of GDPR in 2018, organizations that hold EU citizens’ data are required to disclose breaches within 72 hours of becoming aware of the incident. Those who aren’t in compliance face hefty fines of up to €10 million, or 2% of the worldwide annual revenue of the prior financial year.
Other data privacy regulations requiring speedier breach disclosure times are in the works in the U.S., led by the California Consumer Privacy Act, which goes into effect in 2020. With more GDPR-like regulations on the horizon, cybersecurity teams will need to drastically shorten their time to investigate potential insider threat incidents.
Understanding context behind user activity will become increasingly important.
Insider threat statistics from the Ponemon Institute show that two out of three insider threat incidents happen by accident. While malicious insider threats tend to capture more of the headlines, far too many of accidental incidents are preventable, and need to be handled in an entirely different way.
Organizations will take more initiative to gain insight into the context behind insider threat incidents, including user intent. This level of context can help cybersecurity teams stop user mistakes before they become full-blown incidents. As an insider threat prevention strategy, more organizations will adopt ongoing insider threat training as a cybersecurity awareness initiative.
There’s potential for state-sponsored insider threat incidents to increase.
State-sponsored insider threats can have many different motives, but a big one is financial gain. Often privileged IT users are a focus of insider threat investigations, but business executives just as strong a possibility to become state-sponsored threats -- with their combination of access and potential to cash in on company secrets.
With the continued headlines about international threats targeting U.S.-based companies like Amazon, expect nation state threats to increase. One industry to watch, in particular, is critical infrastructure, with incidents’ potentially devastating effects on national security, public health, emergency communications, and more.
The healthcare sector will see the most costly insider threat incidents.
In the 2018 Ponemon Institute Cost of Insider Threats report, healthcare ranked number five when it came to annual costs of insider threat incidents (averaging $8 million per year). However, you can expect this cost to rise over the next year as insider threats and credential thieves continue to target highly valuable patient data.
According to Verizon’s 2018 Data Breach Investigation Report, healthcare is the only industry where insider threats outnumbered external threats (something that’s never happened before in any other industry). The frequency of these incidents alone will drive up costs.
Another possible reason behind a potential increase in healthcare-related insider threats is the desire to quickly adopt new technology that improves patient outcomes. Unfortunately, with this increased technology adoption comes a high margin of error with user accounts, which could create new opportunities for hackers to compromise systems.
What are some of your predictions for insider threats in 2019, or the cybersecurity industry as a whole? Let us know by Tweeting @Proofpoint.
Subscribe to the Proofpoint Blog