According to a new SANS survey, 40 percent of respondents rated malicious insiders (insiders who intentionally do harm) as the most damaging threat vector their companies faced. Furthermore, nearly half (49 percent) said they were in the process of developing a formal incident response plan with provisions to address insider threat. This further illustrates the urgency with which companies are moving to address this threat vector.

“We are encouraged to see organizations recognizing malicious insiders as the top threat vector, but we are not seeing the necessary steps taken to address it,” said Haystax CEO, Bryan Ware. “Existing tools aren’t smart enough, or don’t have the context needed to identify malicious insiders. What’s needed is contextually-smart, user behavior analytics that produce actionable intelligence for decision makers.”

Despite the increased awareness of the threat from malicious insiders, many organizations continue defending against the wrong enemy by failing to implement effective detection tools and processes to identify these malicious insiders.

A third of survey respondents (33.6 percent) have these tools and technology, but have not used them operationally and more than a third (38 percent) of survey respondents are in the process of re-evaluating internally to better identifying malicious insiders.

“It is misleading to see that sixty percent of respondents said they had not experienced an insider attack,” said SANS instructor and survey report author, Eric Cole, PhD. “The rest of our data indicates that organizations still are not effective at detecting insider threats, so it’s clear that most either didn’t notice threats or attacks, or didn’t realize those incidents involved malicious insiders, or outsiders using compromised insider credentials.”