The post-pandemic IT landscape introduces new vulnerabilities not addressed by security monitoring tools and frameworks
SINGAPORE, June 21, 2022 /PRNewswire/ — Halodata, a leading regional information security solution provider, has released its latest Insider Threat Report 2022-Singapore Edition research report, highlighting a number of key trends in insider threats in Singaporean companies. The first of its kind, the report assesses the current state of insider threats and the underlying contributing factors. The report was produced in collaboration with a strategic market intelligence consulting firm, SPIRE Research & Consulting.
The report reveals that 11% of companies have experienced at least one internal attack in the past year, and only 52% are able to explicitly admit that they have not experienced any related incidents in the past few months . The report also finds that a large majority of respondents acknowledge their vulnerability to such attacks, with more than 10% admitting to being extremely susceptible. In addition, more than four-fifths of organizations perceive internal attacks to be as dangerous as external cyberattacks, and 90% believe that mitigating these internal threats is relatively more difficult than dealing with external threats, illustrating a increasing trend in awareness of insider threats and their consequences.
Interestingly, the report reveals that almost 80% of enterprises believe that internal offline attacks are more difficult to prevent than attacks connected to the network. These results correspond to a noticeable gap in companies’ efforts to combat threats from outside IT divisions, with 23% of respondents revealing the non-existence of insider threat programs in non-IT departments, and 41% unaware if such programs exist.
The report, based on a survey conducted in April 2022 at the Smart Cybersecurity Summit in Marina Bay Sands covers a wide range of industries in Singapore, with almost a quarter of respondents coming from the financial services sector and 15% from the technology and software sector. Other participating verticals include energy and utilities, communications, transportation, security, and data center services. Opinions were assessed from a representative sample of companies with SMEs representing 28% of respondents and companies with more than 10,000 employees representing an additional 20%. Of these, a third of respondents were from IT operations departments, while corporate CISOs accounted for another 15%. The survey also drew participation from analysts, risk managers, SOC (Security Operations Center) and CSO managers.
Companies to improve their monitoring capabilities
Collectively, the majority of respondents see a strong need for user monitoring, with 66% believing that constant monitoring of internal parties will greatly help in detecting potential insider attacks. Overall, 99% of respondents believe that user monitoring can positively contribute to the prevention of insider threats. “Continuous security monitoring enables enterprises to identify malicious activity based on real-time detection of anomalies in insider behavior and transactions,” said Resham Ganglani, CEO of Halodata Group. “With the adoption of complex IT architectures, the enterprise threat surface and resulting vulnerabilities continue to grow. A strong monitoring and analysis framework coupled with highly responsive remediation can significantly prevent attacks on corporate networks and assets.”
The COVID-19 pandemic has led to a drastic increase in the number of remote user endpoints within a company, amplifying the risks of insider threats. According to the report, more than 50% of respondents saw an increase in malicious insider activity since the start of the pandemic. The report also found that work-from-home (WFH) arrangements have a substantial impact on this, with 70% of respondents believing that WFH increased the risk of insider attacks, and 79% agreeing that it has changed the nature of work. these threats and their associated detection mechanisms. “The pandemic has definitely exacerbated the risks of insider threats. The Great Resignation, for example, has created transition phases where access to employee devices and apps is unmonitored, increasing the risk of hacking, abuse and manipulation,” Resham said. “We found nearly a quarter of companies accepting significantly higher insider threat risks due to massive turnover, with a total of 88% accepting generally high levels of risk..“
Overcoming cultural barriers
An interesting facet of corporate insider threat activity highlighted in the report is the contribution of a unique cultural factor – the Asian face value of trust. This refers to the inherent trust placed by Asian companies on internal parties, including employees, which renders best practice security measures unenforceable. As a significant cultural barrier, nearly two-thirds of Singaporean companies believe it negatively distorts the company’s perception of insider threats, leading to a biased approach to corporate security.
The report also assessed several threat mitigation approaches and strategies commonly deployed by Singaporean businesses to deal with insider threats. While 29% of companies said they take a proactive approach, 30% of respondents rely on real-time reactive measures. More than a third of respondents still resort to post-attack actions, only remediating an attack after it has occurred. The poll, however, finds that 80% of companies agree that sufficient guidelines would greatly assist threat management efforts, such as those embedded in existing laws such as the PDPA or the Jobs Act.
When it comes to threat mitigation, surveyed organizations are well aware of potential risk areas where priority detection is most warranted. The survey selected five major areas that are commonly associated with insider threats. Of these, privileged accounts were identified by two-thirds of respondents as the most important place to detect abnormal behavior, followed by documents and storage by 55% of respondents, and endpoints by 52% of respondents. . About half of respondents agree that service accounts and cloud applications are also key areas to watch for insider attacks.
The need to address tool limitations
Respondents also noted several limitations of existing security tools, such as Data Loss Prevention (DLP) and Zero Trust Networks (ZTN) to address insider threats. DLP challenges that were cited include the incidence of false positives, creating and maintaining policies, a lack of data context for decision makers vis-à-vis business teams, and a lack of real visibility. Similarly, respondents find that the general access granted to internal parties makes ZTN ineffective in ensuring the security of corporate networks and assets.
In terms of responsibility for managing internal business threats, the survey finds a general consensus among respondents that IT, risk and compliance are the departments that should be at the forefront. oversight of the implementation of insider threat prevention programs. Respondents also see a strong need for the involvement of the board of directors and HR teams in the implementation of such programs.
This information, along with other findings on the insider threat drivers, approaches and challenges faced by Singapore companies can be found in Halodata Group’s Insider Threat Report 2022-Singapore Edition, available for download at https://halodata.asia/SG-insider-threat-report/
As the leading value-added distributor in the information security industry, Halodata brings industry-leading solutions to market by presenting various information security options from a network of established, award-winning vendors. . Halodata’s unique portfolio of IT security products and services helps commercial and government organizations successfully achieve their security and business objectives. As from Asia A single end-to-end distributor of information security solutions, Halodata prides itself on focusing on customer goals with the objectivity of a true strategic partner. Halodata provides seamless integration and installation of information security solutions to all of its customers by leveraging their experience in distribution, product knowledge, training, professional services and end-user support.
To learn more, visit www.halodata.asia. Follow us on:
SOURCE Halodata International Pte Ltd