- Mimecast report finds insider threats now rival negligence as top concern
- Organizations report rising malicious and careless incidents
- Mimecast urges adaptive controls against insider risks
IT security leaders are now equally worried about malicious insiders as they are about negligent employees, new research has claimed.
Mimecast recently polled 2,500 IT security and IT decision makers in nine countries to learn about their biggest security fears, finding nearly half (42%) reported an increase in malicious insider threats year-on-year, up from 33% the year before.
At the same time, the same percentage (42%) of organizations also reported an increase in negligent incidents, and this parity marks a “fundamental shift in enterprise security, where intentional betrayal rivals accidents” as a primary security concern.
Most consequential and underestimated threat
On average, a company will experience six insider incidents every month, costing them $13.1 million per incident, Mimecast further explained. Two-thirds (66%) said they expect insider-related data loss to increase going into the next year.
There are numerous ways negligent insiders can hurt a business: from sending sensitive data to the wrong email address, to using unsanctioned cloud-based software. For example, online PDF converters - a very popular tool in the enterprise - are often harvesting the data they’re being uploaded and, in some instances, were also seen delivering malware to their users.
Malicious insiders, on the other hand, are often disgruntled employees and people who got laid off. Sometimes, they’ll take sensitive data with them, breaking company policy and essentially leaking files (often to the competition). On some occasions, people will get bribed to grant threat actors access to corporate networks.
For Mimecast CISO Leslie Nielsen, insider risk has now become “one of the most consequential and underestimated threats”, mostly because insiders are increasingly being exploited as entry points.
"The data shows both careless mistakes and deliberate actions driving incidents in equal measure. Rather than trying to manage human behavior, organisations need adaptive controls that identify high-risk actions and adjust protections in real-time, creating friction when someone accesses data they shouldn't, regardless of whether they have valid credentials. As AI makes it easier for insiders to exfiltrate data at scale, security must meet users at the point of risk."
➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.