Insider threats will dominate cybersecurity trends in 2019
Since 2016, the average number of cybersecurity incidents involving employee or contractor negligence has increased by 26 percent, and by 53 percent for criminal and malicious insiders (Ponemon). Not only are insider-lead breaches on the rise, but they’re getting more diverse and sophisticated.
This spring, for example, Tesla found itself in the midst of a high-profile security breach when a malicious employee allegedly stole proprietary information on product design. Even Amazon was forced to investigate internally after concerns arose around an employee selling sensitive company information overseas.
The cybersecurity space is evolving quickly and so are employees’ methods of data exfiltration - both negligent and malicious. With that in mind, it’s important security professionals are always up to speed on how to protect their organization as the threat landscape shifts. Here are six trends that will shape the industry in 2019:
1. More organizations will create dedicated insider threat roles or divisions.
According to US CERT, having a formalized insider threat program can help convene departments from across the organization to effectively detect and prevent insider threats. As such, I expect that more organizations will evolve their security teams to include a dedicated insider threat role to manage these insider threat programs. This position will be key to improving cybersecurity awareness and initiating insider threat training across the organization.
2. The methods for data exfiltration will become more diverse.
The proliferation of SaaS applications is giving insiders more ways to exfiltrate data, and this trend shows no signs of slowing down – in fact, SaaS spending is expected to double by 2020. Accidental and purposeful exfiltration insiders will take advantage of multiple new channels to exfiltrate data and hide their tracks (including collaboration platforms, cloud storage, email, IM, SaaS apps, and more).
The ease-of-use of new apps will cause a spike in accidental insider threat incidents, as well, due to poor account security best-practices (such as weak or re-used passwords, lack of multi-factor authentication, or open sharing settings).
3. Understanding context behind user activity will become increasingly important.
Insider threat statistics from the Ponemon Institute show that two out of three insider threat incidents happen by accident. While malicious insider threats tend to capture more of the headlines, far too many incidents are accidental and could have been prevented.
Organizations will take more initiative to gain insight into the context behind insider threat incidents, including user intent. This level of context can help cybersecurity teams stop user mistakes before they become full-blown breaches. As such, more organizations will adopt ongoing insider threat training as a company-wide cybersecurity awareness initiative.
4. State-sponsored insider threat incidents will increase.
State-sponsored insider threats can have many different motives, but a big one is financial gain. In 2019, I expect nation state threats to increase significantly, particularly targeting critical infrastructure. Critical infrastructure systems are extremely vulnerable to both cybersecurity and physical security risks. State-sponsored threats and high-level hackers are constantly looking to gain access to critical infrastructure, with the intent of hitting some of our most valuable systems (national security, public health, emergency communications, and more).
5. The healthcare sector will see the costliest insider threat incidents.
In the 2018 Ponemon Institute Cost of Insider Threats report, healthcare ranked number five when it came to annual costs of insider threat incidents (averaging $8 million per year). However, you can expect this cost to rise over the next year as insider threats and credential thieves continue to target highly valuable patient data. Further, according to Verizon’s 2018 Data Breach Investigation Report, healthcare is the only industry where insider threats outnumbered external threats (something that’s never happened before in any other industry). The frequency of these incidents alone will drive up costs in 2019.
6. The vulnerabilities associated with mergers and acquisitions will rise.
2018 broke records when it came to corporate consolidation, with $3.3 trillion in mergers and acquisitions during the first three quarters of the year alone. Though M&As can lead to impressive business growth, it can also create numerous insider threat vulnerabilities as new employees are forced to quickly adapt to unfamiliar corporate security structures. Sometimes in the rush to consolidate, education around security protocols can fall through the cracks. In 2019, we will see the more accidental insider threat incidents result from mergers and acquisitions.