The Rise of Insider Threats in Verizon’s DBIR

Each year, Verizon releases its Data Breach Investigations Report (DBIR). These reports evaluate the state of security, providing detailed statistics on leading vulnerabilities, which industries face the most breaches, and much more. The 2019 report included interesting insights about insider threats.

As opposed to external threats like hackers or malware, insider threats stem from within an organization; for example, they may be malicious or merely careless employees. In Verizon’s 2019 report, the researchers found that approximately 34% of breaches involved internal actors. Additionally, this percentage has been increasing since 2015. Compounding the problem further is the fact that 29% of breaches involved the use of stolen credentials and 15% stemmed from legitimately authorized users.

What does this mean for the enterprise? If one in three breaches involves internal actors, then greater focus must be given to securing data from insider threats. Fortunately, solutions like cloud access security brokers (CASBs) provide a range of capabilities that are up to the challenge. Here are a few that should prove highly helpful.

Contextual access control

Ensuring proper access to cloud applications and the data therein can go a long way toward preventing breaches. Contextual access control is a CASB capability that governs data access by a variety of contextual factors, including user group, device type, geographic location, the type of information that is being accessed, and more. This means unauthorized users are not granted data access – rather, it is given only to the proper individuals.

User and entity behavior analytics

Whether users are careless, malicious, or have surrendered their credentials to a hacker through a phishing scheme, user and entity behavior analytics (UEBA) is a critical tool for protecting enterprise resources. UEBA baselines user behavior through machine learning and proactively detects suspicious or unusual departures from normal activity. In this way, a user logging into Office 365 at an unusual time and downloading an uncharacteristic amount or type of data can be identified in real time. From there, remediation actions like step-up, multi-factor authentication can be enforced on the fly.
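The following is an added example, not code from the original post or from any CASB product: a minimal per-user baseline that flags the two deviations described above (unusual login hour, uncharacteristic download volume) and returns a step-up MFA decision. It substitutes simple statistics (a circular mean of login hour and a z-score on volume) for the machine learning a real UEBA engine would use; the event tuples, thresholds, and function names are all constructed for illustration.

```python
import math
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample history: (user, login_hour, megabytes_downloaded)
HISTORY = [
    ("alice", 9, 40), ("alice", 10, 55), ("alice", 9, 48),
    ("alice", 11, 60), ("alice", 10, 52), ("alice", 9, 45),
    ("bob", 22, 5), ("bob", 23, 8), ("bob", 0, 6), ("bob", 23, 7), ("bob", 1, 4),
]

def hour_distance(a, b):
    """Distance between two hours on a 24h clock (23 and 1 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def circular_mean_hour(hours):
    """Mean hour on a 24h circle, so logins around midnight average correctly."""
    s = sum(math.sin(2 * math.pi * h / 24) for h in hours)
    c = sum(math.cos(2 * math.pi * h / 24) for h in hours)
    return (math.atan2(s, c) * 24 / (2 * math.pi)) % 24

def build_baselines(history):
    per_user = defaultdict(lambda: {"hours": [], "mb": []})
    for user, hour, mb in history:
        per_user[user]["hours"].append(hour)
        per_user[user]["mb"].append(mb)
    baselines = {}
    for user, d in per_user.items():
        centre = circular_mean_hour(d["hours"])
        baselines[user] = {
            "hour_centre": centre,
            "hour_spread": max(hour_distance(h, centre) for h in d["hours"]),
            "mb_mean": mean(d["mb"]),
            "mb_std": max(pstdev(d["mb"]), 1.0),  # floor avoids divide-by-zero
        }
    return baselines

def assess(baselines, user, hour, mb, z_limit=3.0, hour_slack=2.0):
    # Thresholds are assumed values; tune them against real telemetry.
    b = baselines.get(user)
    if b is None:
        return "step_up_mfa", ["no_baseline"]  # no history yet: challenge
    reasons = []
    if hour_distance(hour, b["hour_centre"]) > b["hour_spread"] + hour_slack:
        reasons.append("unusual_login_hour")
    if (mb - b["mb_mean"]) / b["mb_std"] > z_limit:
        reasons.append("unusual_download_volume")
    return ("step_up_mfa" if reasons else "allow"), reasons
```

Treating the login hour as circular matters for users like the constructed "bob", who works across midnight: a plain arithmetic mean of his hours would land near midday and flag every normal session.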

In light of the fact that insider threats have continued to rise in the last several years, it is imperative that organizations begin to defend against them more effectively. This will entail leveraging tools like those above, as well as capabilities like external sharing controls, encryption, zero-trust secure access, and more. If the call to action is answered, then 2020 should see a drop in the number of breaches caused by internal actors.


*** This is a Security Bloggers Network syndicated blog from Bitglass Blog authored by Jacob Serpa. Read the original post at: