Here is a quick one on INSIDER THREAT. Deep down, we all know that nobody cares about the insider threat. Well, not literally “nobody”; few organizations do care about their insider threats [and, yes, those who genuinely care tend to care a whole lot, granted].
Now, many say they do care (a great example), but, frankly, I don’t think they spend money on it, hence their actions scream “WE DON’T CARE!” while their words whisper “eh…we …eh…care…maybe!” Off the cuff, we may get 50 malware calls for every 1 insider threat call, based on my purely unscientific impression of available data. Meanwhile, one may argue that insider threat is mostly about process than tools and so the spend is less visible, to which I say: try building a robust, mature process without spending lots of money – or time.
On the other hand, many organizations today are starting to care about the threats that are already inside (malware, attackers who hacked in, etc). Funnily, some security vendors market “insider threat solutions” to those people – thus creating hilarity (like “sandboxing to catch insider threat” or “top exploits used by insiders”…huh?)
To reduce this confusion, maybe we can think about this like so:
- THREATS INSIDE – drive spending on UBA / UEBA, traffic analysis (NTA), SIEM, deception, lots of other tools, etc. A BIG DEAL!
- INSIDER THREAT – drive almost no spending (as per our research, <10% of security budget). For a small number of organizations, this is a big deal too. For most others, this is a “meh!” issue.
Blog posts related to this research:
- Our “Understanding Insider Threats” Paper Publishes
- Insider Threat: Does It Matter Now? And How Much?
Read Complimentary Relevant Research
Security Monitoring and Operations Primer for 2017
Security monitoring and operations excellence is a key component of any effective security program. Gartner's 2017 research will guide...
View Relevant Webinars
Equip Your IAM Risk-Based Planning With a Comprehensive Risk Model
Assessment of more than 50 large IAM deployments have shown suboptimal IAM solutions with arbitrary priorities, missing time and budget...
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.