- Preventing healthcare insider threats needs to be a top priority for covered entities of all sizes, and with cybersecurity threats evolving each day, training methods must also remain current.
Administrative safeguards, including user training and access controls, will be critical in this regard. Especially as a recent survey indicates that insider threat prevention is becoming more difficult across numerous industries.
The Insider Threat Spotlight Report found that 58 percent of organizations still lack the appropriate controls to prevent insider attacks. Additionally, 44 percent stated they were unaware if their organization has experienced an insider attack at all.
Co-sponsored by user behavior analytics and activity monitoring company Veriato and other organizations, the report is based on the results of a comprehensive survey of over 500 cybersecurity professionals. Respondents also varied from technical executives to managers and IT security practitioners.
Surveyed industries include but are not limited to Healthcare, Pharmaceuticals and Biotech; Technology, Software and Internet; Information Security; and Financial Services.
“Not only do companies need to do a better job of educating employees about what data they are able to share or take with them when they leave, but the departments within the companies need to do a better job working together to share any red flags they are seeing, for example from disgruntled employees,” Veriato CEO Mike Tierney said in a statement. “This collaboration, coupled with user behavior monitoring and analytics solutions, can play a huge role in detecting and preventing insider attacks that could potentially cost hundreds of thousands.”
Inadvertent data breaches was listed as a top threat by 71 percent of respondents, while 68 percent said negligent data breaches was the second top threat. Malicious data breaches came in third with 61 percent of those surveyed saying it was a key issue.
Sixty percent of respondents stated that privileged users, such as managers with access to sensitive information, posed the largest insider threat. Additionally, 57 percent said that contractors and consultants were the biggest insider threat, while regular employees were seen as the largest threat by 51 percent of respondents.
In terms of data access and user behavior monitoring, 42 percent of respondents said they either monitor access logging or use automated tools to monitor user behavior 24x7.
Just over half of respondents - 51 percent - also said that user training is the top way that they combat insider threats. Background checks and user activity monitoring were the next top two approaches to combating potential insider threats.
These findings are similar to survey results released earlier this year by Accenture and HfS Research. The State of Cybersecurity and Trust 2016 report found that 48 percent of respondents stated they had a strong or critical concern over data theft from insiders in the next 12 to 18 months. Sixty-nine percent added that they had experienced an attempted or successful theft or corruption of data by insiders during the prior 12 month period.
In healthcare/pharma industry specifically, 26 percent said that a lack of a security budget was the largest inhibitor to their organization’s security provision. Sixteen percent reported that a lack of staffing budget was the greatest inhibitor, while extended budget cycles were listed by 16 percent as the largest issue.
Image Credit: Veriato