- Employees are 85% more likely today to leak files than pre-COVID
- 59% of IT security leaders say insider threat will increase or ‘significantly’ increase in the next two years
- More than half of organizations have no insider risk response plan
- 40% of organizations don’t assess how effectively their technologies mitigate insider threats
Despite knowing the risks posed by insiders, more than half of organizations have no insider risk response plan. And just under half of companies don’t make a habit of assessing how effectively their technologies mitigate insider threats, according to a new report.
Both business and security leaders are allowing massive insider threats to fester in the aftermath of the sudden shift to remote work in the past year, according to a study commissioned by Code42 to The Ponemon Institute.
Employees are 85% more likely today to leak files than they were pre-COVID, and three-quarters of IT security leaders say their organizations have lost sensitive files in one or more data breaches. 61% said their remote workforce has caused a data breach since the pandemic began.
59% of survey respondents agree that insider threats will increase in the next two years as users have access to files they shouldn’t, and they tend to bypass security protocols. Despite these woes, 54% of organizations lack a plan to respond to insider threats.
In addition to insufficient response planning, most security tools for insider risk are not adapted to the way we work, researchers say. Because of that, 71% of IT security departments lack complete visibility into the movement of sensitive data.
The research indicates that security teams need to enhance their capabilities with tools designed specifically to offer the right context.
Bitdefender customers addresses this problem with GravityZone Elite, an integrated endpoint protection, risk management, and attack forensics platform, enhanced with user behavior risk analytics. IT reps can leverage integrated Risk Management and Analytics to continuously assess, prioritize and address misconfigurations and vulnerabilities, including human-triggered ones.