EDITOR’S QUESTION
HOW SHOULD
BUSINESSES AND
ORGANISATIONS
PROTECT AGAINST
INSIDER THREATS?
//////////////////////////////////////////////////////////////////////////////////////////////////////////
G
urucul, a leader in behaviour-
based security and fraud analytics
technology for on-premises and
the cloud, has announced that nearly
half of the companies surveyed for its
2020 Insider Threat Report are unable
to remediate insider threats until after
data loss has occurred. The Cybersecurity
Insiders and Gurucul study found that
lack of visibility into anomalous activity,
especially in the cloud and manual SIEM
workloads have increased the risk of insider
threats for organisations and prevent
many from detecting and stopping data
exfiltration. This 2020 Insider Threat
Report was produced with
the support of Gurucul by Cybersecurity
Insiders, the 400,000-member community
for information security professionals, to
explore how organisations are responding
to evolving security threats. Some of the
report’s key findings include:
• A total of 68% of organisations feel
vulnerable to insider attacks
• A total of 53% of organisations believe
detecting insider attacks has become
significantly to somewhat harder since
migrating to the cloud
• A total of 63% of organisations think
that privileged IT users pose the biggest
insider security risk to organisations
• Organisations cite lack of resources
(31%) and too many false
positive alerts (22%) as the
biggest hurdles in maximising
the value of SIEM technology
• Only about one third
of organisations are able to
detect anomalous behaviour in
NetFlow/packet data (35%),
service accounts (39%) and
cloud resources (30%)
“Insider threats are not limited to
employees. They extend to contractors,
supply chain partners, service providers
and account compromise attacks that can
abuse access to an organisation’s assets
both on-premise and in the cloud,” said
Craig Cooper, COO of Gurucul. “Lack of
visibility and legacy SIEM deployments put
companies at risk. Insider threat programs
that monitor the behaviour of users and
devices to detect when they deviate from
their baselines using security analytics can
provide unmatched detection, risk-based
controls and automation.”
Gurucul provides security analytics solutions
that can predict, detect and prevent insider
threats. The Gurucul Risk Analytics (GRA)
platform monitors in real-time the actions
performed by users, particularly those with
elevated privileges and employees with
access to highly sensitive information.
GRA looks for behaviours that are outside
the range of normal, baselined activities
to detect indicators of malicious insiders
or external intruders who compromised a
user’s account.
Download the full report at gurucul.
com/2020-insider-threat-
survey-report
32
INTELLIGENTCIO
www.intelligentcio.com