EDITOR’S QUESTION
HOW SHOULD
BUSINESSES AND
ORGANISATIONS
PROTECT AGAINST
INSIDER THREATS?
//////////////////////////////////////////////////////////////////////////////////////////////////////////
G
urucul, a leader in behaviour-
based security and fraud analytics
technology for on-premises and
the cloud, has announced that nearly half
of the companies surveyed for its 2020
Insider Threat Report are unable to
remediate insider threats until after data
loss has occurred.
The Cybersecurity Insiders and Gurucul
study found that lack of visibility into
anomalous activity, especially in the cloud
and manual SIEM workloads have increased
the risk of insider threats for organisations
and prevent many from detecting and
stopping data exfiltration.
This 2020 Insider Threat Report was
produced with the support of Gurucul by
Cybersecurity Insiders, the 400,000-member
community for information security
professionals, to explore how organisations
are responding to evolving security threats.
Some of the report’s key findings include:
• A total of 68% of organisations feel
vulnerable to insider attacks
• A total of 53% of organisations believe
detecting insider attacks has become
significantly to somewhat harder since
migrating to the cloud
• A total of 63% of organisations think
that privileged IT users pose the biggest
insider security risk to organisations
• Organisations cite lack of resources
(31%) and too many false positive
32
INTELLIGENTCIO
alerts (22%) as the biggest hurdles in
maximising the value of SIEM technology
• Only about one third of organisations
are able to detect anomalous
behaviour in NetFlow/packet data
(35%), service accounts (39%) and
cloud resources (30%)
“Insider threats are not limited to employees.
They extend to contractors, supply chain
partners, service providers and account
compromise attacks that can abuse access
to an organisation’s assets both on-premise
and in the cloud,” said Craig Cooper, COO of
Gurucul. “Lack of visibility and legacy SIEM
deployments put companies at risk. Insider
threat programs that monitor the behaviour
of users and devices to detect when they
deviate from their baselines using security
analytics can provide unmatched detection,
risk-based controls and automation.”
Gurucul provides security analytics solutions
that can predict, detect and prevent insider
threats. The Gurucul Risk Analytics (GRA)
platform monitors in real-time the actions
performed by users, particularly those with
elevated privileges and employees with
access to highly sensitive information. GRA
looks for behaviours that are outside the
range of normal, baselined activities to detect
indicators of malicious insiders or external
intruders who compromised a user’s account.
Download the full report at gurucul.
com/2020-insider-threat-survey-report
www.intelligentcio.com