CyberSecurity SEE

Visibility Gaps Widen as Damage from Insider Threats Increases

The surge in cyberattacks stemming from insider threats is causing organizations to face staggering remediation costs, with some incidents reaching up to $2 million each, according to research conducted by Gurucul. The study, which involved input from over 400 IT and cybersecurity professionals, revealed a concerning trend in the increase of insider attacks within organizations.

In 2023, 60% of organizations reported incidents of insider attacks, but this number surged to 83% in 2024. Additionally, the number of organizations experiencing between six and 10 attacks per year doubled from 13% to 25%. Nearly half of the organizations in the study stated that insider attacks had become more frequent over the past year, highlighting the growing threat faced by businesses.

Jason Soroko, senior fellow at Sectigo, defined insider threats as risks originating from individuals within an organization who misuse their authorized access to systems and data, either intentionally or unintentionally. This could involve scenarios such as an employee stealing sensitive data, falling for a phishing scam, or disregarding security protocols, leading to a breach.

The researchers at Gurucul identified the increasing IT complexities within organizations as a major driver of insider attacks. The expanding technology landscape, with more employees accessing system networks, is widening the attack surface and making it challenging for cybersecurity staff to defend against threats effectively. The adoption of new technologies like the Internet of Things (IoT), artificial intelligence (AI), cloud services, and software-as-a-service (SaaS) applications further complicates the security landscape.

As organizations struggle to keep up with the evolving threat landscape, they are facing challenges in maintaining adequate staff with the necessary expertise to implement and manage security tools. The study found that nearly 30% of respondents cited insufficient staff for implementing and maintaining tools, while many employees lacked the training needed to effectively manage security measures. The researchers recommended transitioning to more intuitive tools that streamline threat detection and reduce false positives.

Gurucul also highlighted gaps in insider risk management as contributing factors to the prevalence of insider attacks. Weak enforcement policies, including the lack of consequences for employees and inadequate monitoring, were identified as significant contributors. Executive management and policy issues were also cited by respondents as major obstacles to combating insider threats effectively.

The financial implications of insider attacks are also grave for organizations. Remediation costs for such incidents can range from $100,000 to $2 million for many organizations, with activities like system restoration, data recovery, legal fees, regulatory fines, and reputational damage control driving up the costs. Recovery efforts are often slow, with 45% of organizations taking a week or longer to recover after an attack due to technical challenges and regulatory requirements.

To address these challenges, organizations are advised to invest in advanced incident-response solutions that prioritize critical threats and reduce recovery times. Education and training for existing employees, alongside recruiting new cybersecurity talent, are crucial in strengthening defenses and mitigating threats effectively. Managed security services can supplement internal capabilities and ensure that security tools are implemented and maintained without burdening existing staff.

In conclusion, organizations must prioritize cybersecurity efforts, implement robust policies, and provide ongoing training to safeguard against insider threats and mitigate the financial and operational risks associated with cyberattacks. By addressing these challenges proactively, organizations can enhance their security posture and protect sensitive data from insider threats.
