Crowd2018年网络内部安全威胁报告英文2018841页

PRESENTEDBYINSIDERTHREAT2018REPORTINSIDERTHREAT2018REPORTTABLEOFCONTENTSINTRODUCTIONKEYSURVEYFINDINGSINSIDERTHREATDETECTIONINSIDERTHREATPROGRAMSPONSORSOVERVIEWMETHODOLOGY&DEMOGRAPHICSCONTACTUS3451624324041TheresultingInsiderThreatReportisthemostcomprehensiveresearchonthetopictodate,revealinghowITandsecurityprofessionalsaredealingwithriskyinsidersandhoworganizationsarepreparingtobetterprotecttheircriticaldataandITinfrastructure.Wewouldliketothankthestudysponsorsforsupportingthisresearch:CATechnologies|Dashlane|HaystaxTechnology|HoloNetSecurity|Interset|Quest|Raytheon|RSA|Securonix|Veriato|Inaddition,wewanttothankallsurveyparticipantswhoprovidedtheirtimeandinputinsupportofthisstudy.Wehopeyouwillenjoyreadingthisreport.Thankyou,HolgerSchulzeINTRODUCTIONToday’smostdamagingsecuritythreatsarenotoriginatingfrommaliciousoutsidersormalwarebutfromtrustedinsiders-bothmaliciousinsidersandnegligentinsiders.Thissurveyisdesignedtouncoverthelatesttrendsandchallengesregardinginsiderthreatsaswellassolutionstopreventormitigateinsiderattacks.Our400,000memberonlinecommunity,CybersecurityInsiders,inpartnershipwiththeInformationSecurityCommunityonLinkedIn,askedCrowdResearchPartnerstoconductanin-depthstudyofcybersecurityprofessionalstogatherfreshinsights,revealthelatesttrends,andprovideactionableguidanceonaddressinginsiderthreat.32018INSIDERTHREATREPORTHolgerSchulzeCEOandFounderCybersecurityInsidersHolger.Schulze@Cybersecurity-Insiders.com2018INSIDERTHREATREPORT4Ninetypercentoforganizationsfeelvulnerabletoinsiderattacks.Themainenablingriskfactorsincludetoomanyuserswithexcessiveaccessprivileges(37%),anincreasingnumberofdeviceswithaccesstosensitivedata(36%),andtheincreasingcomplexityofinformationtechnology(35%).Amajorityof53%confirmedinsiderattacksagainsttheirorganizationintheprevious12months(typicallylessthanfiveattacks).Twenty-sevenpercentoforganizationssayinsiderattackshavebecomemorefrequent.Organizationsareshiftingtheirfocusondetectionofinsiderthreats(64%),followedbydeterrencemethods(58%)andanalysisandpostbreachforensics(49%).Theuseofuserbehaviormonitoringisaccelerating;94%oforganizationsdeploysomemethodofmonitoringusersand93%monitoraccesstosensitivedata.ThemostpopulartechnologiestodeterinsiderthreatsareDataLossPrevention(DLP),encryption,andidentityandaccessmanagementsolutions.Tobetterdetectactiveinsiderthreats,companiesdeployIntrusionDetectionandPrevention(IDS),logmanagementandSIEMplatforms.Thevastmajority(86%)oforganizationsalreadyhaveorarebuildinganinsiderthreatprogram.Thirty-sixpercenthaveaformalprograminplacetorespondtoinsiderattacks,while50%arefocusedondevelopingtheirprogram.12345KEYSURVEYFINDINGSINSIDERTHREAT2018INSIDERTHREATREPORT6Toooften,peopleassociatetheterm“InsiderThreats”incybersecuritywithmaliciousemployeesintendingtodirectlyharmthecompanythroughtheftorsabotage.Intruth,negligentemployeesorcontractorsunintentionallycauseanequallyhighnumberofsecuritybreachesandleaksbyaccident.Inthisyear’ssurvey,companiesareequallyworriedaboutaccidental/unintentionaldatabreaches(51%)throughusercarelessness,negligenceorcompromisedcredentialsastheyarefromdeliberatemaliciousinsiders(47%).NATUREOFINSIDERTHREATSWhattypeofinsiderthreatsareyoumostconcernedabout?NotSure2%110010101100101011100101011001010111001010110010101010PASSWORD10Malicious/deliberateinsider(e.g.willfullycausingharm)Accidental/unintentionalinsider(e.g.carelessness,negligenceorcompromisedcredentials)51%47%2018INSIDERTHREATREPORT7Securityprofessionalshaveauniqueresponsibilitytodetect,counterandrespondtocyberattacks.Thisjobbecomesincreasinglymorechallengingwhenthreatscomefromwithintheorganizationfromtrustedandauthorizedusers.Itisoftendifficulttodeterminewhenusersaresimplydoingtheirjobfunctionorsomethingillegalorunethical.Thesurveyindicatedbothregularemployees(56%)andprivilegedITusers(55%)posethebiggestinsidersecurityrisktoorganizations,followedbycontractors(42%).RISKYINSIDERSWhattype(s)ofinsidersposethebiggestsecurityrisktoorganizations?*Privilegedbusinessusers/executives42%56%Customers/clientsNoneNotsure/otherContractors/serviceproviders/temporaryworkers55%PrivilegedITusers/adminsRegularemployees29%22%2%6%*Multi-responsequestionsdonotaddupto100%2018INSIDERTHREATREPORT8DataisnolongerjustanITasset;it’sacorestrategicasset,andsometypesofdataaremorevaluablethanothers.Confidentialbusinessinformation,whichencompassescompanyfinancialsalongwithcustomerandemployeedata,isahighlystrategicassetandequallyahigh-valuetarget.Againthisyear,confidentialbusinessinformation(57%)takesthetopspotasmostvulnerabletoinsiderattacks,followedbyprivilegedaccountinformation(52%),andsensitivepersonalinformation(49%.MOSTVULNERABLEDATAWhattype(s)ofdataaremostvulnerabletoinsiderattacks?57%49%52%Employeedata31%Notsure/Other1%Intellectualproperty(Financials,customerdata,employeedata)(Credentials,passwords,etc.)(PII/PHI)(Tradesecrets,researchproductdesigns)(HR)Operational/infrastructuredata27%(Network,infrastructurecontrols)ConfidentialbusinessinformationPrivilegedaccountinformationSensitivepersonalinformation32%