HIghlights from the Annual 2015 Insider threat report

By Roy, on May 4th, 2016

The insider threat is becoming the “bad boy” of the cyber security neighborhood. Analysing the last 12 months security breaches we can see a significant trend related to insider activities. From the latest OPM data breach to the destructive attack on Sony all are directly caused or related to insider threats.

The following information contain the higlights of the 2015 insider threat report. The report is based on a survey filled by a sample of 250,000 cyber security professionals and enterprise customers which are part of the information security Linkedin community.


Over all higlights:


  • Privileged users, such as managers with access to sensitive information, pose the biggest insider threat to organizations (59 percent). This is followed by contractors and consultants (48 percent), and regular employees (46 percent).
  • 62 percent of security professionals say insider threats have become more frequent in the last 12 months. But only 34 percent expect additional budget to address the problem.
  • Less than 50 percent of organizations have appropriate controls to prevent insider attacks. 62 percent of respondents say that insider attacks are far more difficult to detect and prevent than external attacks.
  • 38 percent of survey respondents estimate remediation costs to reach up to $500,000 per insider attack. 64 percent of respondents find it difficult to estimate the damage of a successful insider attack.


The expected speed of recovery from an insider attack follows the same pattern we are seeing for speed of detection. The most common recovery times are a week or less (40 percent). In this context, recovery is defined as closing down the attack vector, considering that a successful attack can result in long lasting economic and reputation damage to the organization. 40 percent of respondents simply don’t know how fast their organization would recover from an insider attack.



Successful insider attacks can be costly to organizations, from immediate economic impact to long term damages in reputation and customer trust. Over a third of survey respondents estimate remediation costs to reach up to $500,000 per attack. Of those that are able to estimate the average cost of remediation, 24 percent believe the cost exceeds $500,000 and can reach in the millions. The overall estimated cost of remediating a successful insider attack is around $445,000. With an average risk of 3.8 insider attacks per year, the total remediation cost of insider attacks can quickly run into the millions of dollars.




Policies and training (36 percent) are considered the most effective tools in protecting against insider threats. Data loss prevention (DLP) tools (31 percent) and identity and access management (IAM) (30 percent) round out the top three.


Security policies are the most effective tools for securing the network against the internal threat. Although the imporance of security policy enforcement is clear most organizaitions find it highly challenging to implement them. the challenge of enforcing the policy is that you can never no what will be the impact on the server functionallity. The danger of harming server functionallity causing enforcement of pure policies (about 30% of the original policy). Enforcing such pure policies expose the organization to vulnerabiilities and dramatically increase the chance to get be affected by the internal threat.


CalCom’s CHS provides a pre enforcement impact analysis, by providing visibilliy to the OS and application connectivity you will get a clear indication of which part of your policy will cause damage to the server functionallity. Using CHS you can assure that a much larger percent of your policy is enforced and the objects that weren’t enforced are well managed and monitored.