INSIDER THREAT 2018 REPORT TABLE OF CONTENTS INTRODUCTION KEY SURVEY FINDINGS INSIDER THREAT DETECTION INSIDER THREAT PROGRAM SPONSORS OVERVIEW METHODOLOGY & DEMOGRAPHICS CONTACT US 3 4 5 16 24 32 40 41 The resulting Insider Threat Report is the mostcomprehensive research on the topic to date, revealinghow IT and security professionals are dealing with riskyinsiders and how organizations are preparing to betterprotect their critical data and IT infrastructure. We would like to thank the study sponsors forsupporting this research: CA Technologies|Dashlane | Haystax Technology|HoloNet Security| Interset| Quest|Raytheon| RSA |Securonix|Veriato|In addition, we want to thank all survey participants whoprovided their time and input in support of this study. We hope you will enjoy reading this report. Thank you, Holger Schulze INTRODUCTION Today’s most damaging security threatsare not originating from maliciousoutsiders or malware but from trustedinsiders - both malicious insidersand negligent insiders. This survey isdesigned to uncover the latest trendsand challenges regarding insider threatsas well as solutions to prevent ormitigate insider attacks. Our 400,000 member onlinecommunity, Cybersecurity Insiders,in partnership with the InformationSecurity Community on LinkedIn, askedCrowd Research Partners to conductan in-depth study of cybersecurityprofessionals to gather fresh insights,reveal the latest trends, and provideactionable guidance on addressinginsider threat. 32018 INSIDER THREAT REPORT Holger Schulze CEO and Founder Cybersecurity InsidersHolger.Schulze@Cybersecurity-Insiders2018 INSIDER THREAT REPORT4 Ninety percent of organizations feel vulnerable to insider attacks. The main enabling risk factors include toomany users with excessive access privileges (37%), an increasing number of devices with access to sensitive data(36%), and the increasing complexity of information technology (35%).A majority of 53% confrmed insider attacks against their organization in the previous 12 months (typically lessthan fve attacks). Twenty-seven percent of organizations say insider attacks have become more frequent. Organizations are shifting their focus on detection of insider threats (64%), followed by deterrence methods(58%) and analysis and post breach forensics (49%). The use of user behavior monitoring is accelerating; 94% oforganizations deploy some method of monitoring users and 93% monitor access to sensitive data. The most popular technologies to deter insider threats are Data Loss Prevention (DLP), encryption, and identityand access management solutions. To better detect active insider threats, companies deploy Intrusion Detectionand Prevention (IDS), log management and SIEM platforms.The vast majority (86%) of organizations already have or are building an insider threat program. Thirty-six percenthave a formal program in place to respond to insider attacks, while 50% are focused on developing their program. 1 2 3 4 5 KEY SURVEY FINDINGS 。。。。。。