SolarWinds Finds Insider Threats Cited as Leading Cause of Security Incidents

June 5, 2019, by David

SolarWinds, a leading provider of powerful and affordable IT management software, today released findings from a new IDC White Paper, Affordable Tools and Shared Responsibilities Define Midmarket IT Security Trends, sponsored by SolarWinds. The white paper is based on a survey of both IT and non-IT respondents on their organization’s cybersecurity practices to explore the threat landscape, revealing that organizations are prioritizing security in terms of budget and tool adoption but are vulnerable to even greater risks that exist within their organizations.

Specifically, nearly 62 percent of survey respondents cited user errors as the top cybersecurity threat within the company, claiming that user mistakes contributed to the largest attack exposure. Of these insider threats, more than half of survey respondents reported that regular employees (rather than executives or those with privileged access) pose the biggest risk for insider abuse or misuse.

Additional survey results pointed to the need for effective and affordable tools to help reduce deliberate and malicious attacks and avoid accidental configurations. And, while detection and monitoring tools are in place for larger external threats, the protective practices associated with basic cyberhygiene need additional focus.

“While the bad guys may be getting increasingly smarter, SolarWinds is upping the ante for the good guys,” stated Brandon Shopp, vice president, product strategy, security. “We meet the demand for affordability and effectiveness because we are focused on solving the security problems that technology professionals are trying to solve every day. We’re not trying to boil the ocean with overly-complex and expensive solutions. We help simplify security at all levels, from the initial threat identification stage through to recovery. That’s our promise.”

“Cybercriminals now operate as part of a well-oiled machine that can easily crank out a variety of attacks that are both random and focused in nature,” says Tim Brown, vice president of security, SolarWinds. “But in reality, an equally dangerous and even more imminent threat exists: internal users. Between mistakes and technology deployment misconfigurations, organizations are finding themselves highly susceptible to threats that are perpetuated from the inside, leaving themselves effectively wide open to attacks.”

SolarWinds’ breadth of security solutions includes SolarWinds Access Rights Manager (ARM), SolarWinds Security Event Manager (SEM), SolarWinds Threat Monitor, SolarWinds Backup, SolarWinds Mail Assure, SolarWinds Passportal, SolarWinds Risk Intelligence, and SolarWinds Patch Manager, plus a suite of monitoring and management platforms with security baked in, including capabilities for robust endpoint detection and response.

Key Findings

Organizations have demonstrated significant progress when it comes to defending against external threats but are still vulnerable to increasingly risky insider threats.

  • Cybersecurity has become a budgeted organizational expense rather than a proposal for funding; the need for effective and affordable tools to help reduce deliberate and malicious external attacks and avoid accidental configurations is being recognized.
  • 65% of survey respondents expect their spend on security tools and services in 2019 to increase YoY, while 34% expect it to stay the same. Fewer than 1% expect their funds to decrease.
  • 40% are beginning to use threat intelligence to adjust configurations or search for vulnerable situations, while 48% prioritize vulnerability scanning, followed by SIEM adoption (47%).
  • However, most problems and exposures are self-inflicted, with 62% of survey respondents citing users (insiders) making mistakes that put the company at risk as the top cybersecurity threat that led to incidents within the company.
  • Fewer than half of survey respondents (47%) cited external bad actors infiltrating the network and systems as the leading cause of cybersecurity issues.
  • Of the insider threats, more than 50% of survey respondents claim that regular employees (not privileged users) pose the biggest risk for insider abuse/misuse. Below employees, contractors (41%) and privileged IT admins (31%) were the next biggest threats.

Organizations are making a concerted effort to dedicate more budget toward solutions and tools to improve security measures but the tools are often cost-prohibitive.

  • While 65% of respondents report plans to increase their security spending in 2019, midmarket companies are still price conscious when it comes to security investments.
  • 54% of respondents claim they would be able to improve their cybersecurity posture if security solutions were more affordable.

Cybersecurity teams are often overconfident when it comes to their abilities to defend their IT environments and must continue to pay equal attention to protective strategies.   

  • Survey respondents revealed a misperception about handling security vs. the market reality. When asked about their confidence in their ability to use security technologies and defend their environments with the tools currently in place, the response came back as a four on a five-point scale.
  • However, the skills ratings didn’t significantly change when the location of the tools was said to be in a public cloud (vs. on-premises) environment – despite the proliferation of reports detailing misconfigured cloud storage “buckets” and the increased complexity associated with identity management in hybrid, on-premises and cloud environments.
  • When asked about technologies used to protect organizations from external and internal threats, only 32% cited endpoint protection and 27% cited patch management.
  • This lack of patch management activities and reduced focus on network endpoints is alarming, as these basic cyberhygiene best practices must be combined with detection to help ensure that the “front door” isn’t left wide open.
  • While detection or monitoring tools are in place at most midmarket companies, protective practices need additional focus.
  • The primary tactic used to respond to and recover from the incident is backup and recovery (79%).
  • The majority of the midmarket isn’t yet able to fund or conduct extensive forensic analysis activities leading to any patient zero identifications (28%).
