Enterprises are missing the warning signs of insider threats

2021-09-06 05:00

Organizations struggle to identify the warning signs of insider threats, according to a report by the Ponemon Institute.

"The vast majority of security threats follow a pattern or sequence of activity leading up to an attack, and insider threats are no exception," said Dr. Larry Ponemon, Chairman and Founder, Ponemon Institute.

"Many security professionals are already familiar with Lockheed Martin's Cyber Kill Chain and the MITRE ATT&CK framework, both of which describe the various stages of an attack and the tactics utilized by an external adversary. Since human behavior is more nuanced than machine behavior however, insider attacks follow a slightly different path and require modern approaches to combat."

Over the course of thousands of insider threat investigations and incidents, analysts have identified the insider equivalent of these frameworks: the insider threat kill chain, which encompasses the five steps present in nearly all insider attacks: Reconnaissance, Circumvention, Aggregation, Obfuscation and Exfiltration.

The findings of this report reveal that enterprises are missing the warning signs of insider threats and the intent of perpetrators.

Missing the indicators of insider threats Nearly half of companies find it impossible or very difficult to prevent an insider attack at the earliest stages of the insider threat kill chain.

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/X8m5eixasmo/

#threat