SolarWinds Finds Insider Threats Cited as Leading Cause of Security Incidents

New Study Underscores the Need for Affordable, Accessible Security Solutions

SolarWinds, a leading provider of powerful and affordable IT management software, has released findings from a new IDC® White Paper, Affordable Tools and Shared Responsibilities Define Midmarket IT Security Trends, sponsored by SolarWinds. The white paper is based on a survey of both IT and non-IT respondents on their organization’s cybersecurity practices to explore the threat landscape—revealing that organizations are prioritizing security in terms of budget and tool adoption but are vulnerable to even greater risks that exist within their organizations.

Key findings of this research include:

  • The new survey finds insider threats are on the rise, despite organizations’ focus on defending against external issues
  • While 65% of respondents report plans to increase security spending in 2019, midmarket companies still find security tools cost-prohibitive
  • Detection and monitoring tools are in place at most midmarket companies, but basic protective practices need additional focus

Nearly 62 percent of survey respondents cited user errors as the top cybersecurity threat within the company, claiming that user mistakes contributed to the largest attack exposure. Of these insider threats, more than half of the survey respondents reported that regular employees (rather than executives or those with privileged access) pose the biggest risk for insider abuse or misuse.

Additional survey results pointed to the need for effective and affordable tools to help reduce deliberate and malicious attacks and avoid accidental configurations. And, while detection and monitoring tools are in place for larger external threats, the protective practices associated with basic cyberhygiene need additional focus.

“While the bad guys may be getting increasingly smarter, SolarWinds is upping the ante for the good guys,” stated Brandon Shopp, vice president, product strategy, security. “We meet the demand for affordability and effectiveness because we are focused on solving the security problems that technology professionals are trying to solve every day. We’re not trying to boil the ocean with overly-complex and expensive solutions. We help simplify security at all levels—from the initial threat identification stage through to recovery. That’s our promise.”

“Cybercriminals now operate as part of a well-oiled machine that can easily crank out a variety of attacks that are both random and focused in nature,” says Tim Brown, vice president of security, SolarWinds. “But in reality, an equally dangerous and even more imminent threat exists: internal users. Between mistakes and technology deployment misconfigurations, organizations are finding themselves highly susceptible to threats that are perpetuated from the inside, leaving themselves effectively wide open to attacks.”


Organizations have demonstrated significant progress when it comes to defending against external threats but are still vulnerable to increasingly risky insider threats.

  • Cybersecurity has become a budgeted organizational expense rather than a proposal for funding; the need for effective and affordable tools to help reduce deliberate and malicious external attacks and avoid accidental configurations is being recognized.
  • 65% of survey respondents expect their spend on security tools and services in 2019 to increase YoY, while 34% expect it to stay the same. Fewer than 1% expect their funds to decrease.
  • 40% are beginning to use threat intelligence to adjust configurations or search for vulnerable situations, while 48% prioritize vulnerability scanning, followed by SIEM adoption (47%).
  • However, most problems and exposures are self-inflicted, with 62% of survey respondents citing users (insiders) making mistakes that put the company at risk as the top cybersecurity threat that led to incidents within the company.
  • Fewer than half of survey respondents (47%) cited external bad actors infiltrating the network and systems as the leading cause of cybersecurity issues.
  • Of the insider threats, more than 50% of survey respondents claim that regular employees (not privileged users) pose the biggest risk for insider abuse/misuse. Below employees, contractors (41%) and privileged IT admins (31%) were the next biggest threats.

Organizations are making a concerted effort to dedicate more budget toward solutions and tools to improve security measures, but the tools are often cost-prohibitive.

  • While 65% of respondents report plans to increase their security spending in 2019, midmarket companies are still price conscious when it comes to security investments.
  • 54% of respondents claim they would be able to improve their cybersecurity posture if security solutions were more affordable.

Cybersecurity teams are often overconfident when it comes to their abilities to defend their IT environments and must continue to pay equal attention to protective strategies.

  • Survey respondents revealed a misperception about handling security vs. the market reality. When asked about their confidence in their ability to use security technologies and defend their environments with the tools currently in place, the response came back as a four on a five-point scale.
  • However, the skills ratings didn’t significantly change when the location of the tools was said to be in a public cloud (vs. on-premises) environment – despite the proliferation of reports detailing misconfigured cloud storage “buckets” and the increased complexity associated with identity management in hybrid, on-premises and cloud environments.
  • When asked about technologies used to protect organizations from external and internal threats, only 32% cited endpoint protection and 27% cited patch management.
  • This lack of patch management activities and reduced focus on network endpoints is alarming, as these basic cyber hygiene best practices must be combined with detection to help ensure that the “front door” isn’t left wide open.
  • While detection or monitoring tools are in place at most midmarket companies, protective practices need additional focus.
  • The primary tactic used to respond to and recover from the incident is backup and recovery (79%).
  • The majority of the midmarket isn’t yet able to fund or conduct extensive forensic analysis activities leading to any patient zero identifications (28%).

The results presented in this study are derived from a survey link sent to both IT and non-IT respondents who declared themselves to be either knowledgeable or very knowledgeable about their organization’s cybersecurity practices. All results were collected from a survey website during February 2019.

Of all the respondents, 66% were based in North America, 17% were from the United Kingdom, and 17% were from Germany, Austria and Switzerland. Regarding company size, 56% of respondents were from midmarket organizations (100 to 1,000 employees), 24% of respondents were from large-scale organizations (1,000+ employees), and 20% of respondents were from small businesses (under 100 employees).

About SolarWinds

SolarWinds (NYSE:SWI) is a leading provider of powerful and affordable IT infrastructure management software. Our products give organizations worldwide, regardless of type, size or IT infrastructure complexity, the power to monitor and manage the performance of their IT environments, whether on-premises, in the cloud, or in hybrid models. We continuously engage with all types of technology professionals—IT operations professionals, DevOps professionals, and managed service providers (MSPs)—to understand the challenges they face maintaining high-performing and highly available IT infrastructures. The insights we gain from engaging with them, in places like our THWACK online community, allow us to build products that solve well-understood IT management challenges in ways that technology professionals want them solved. This focus on the user and commitment to excellence in end-to-end hybrid IT performance management has established SolarWinds as a worldwide leader in network management software and MSP solutions. Learn more today at

SolarWinds’ breadth of security solutions includes SolarWinds® Access Rights Manager (ARM), SolarWinds Security Event Manager (SEM), SolarWinds Threat Monitor, SolarWinds Backup, SolarWinds Mail Assure, SolarWinds Passportal, SolarWinds Risk Intelligence, and SolarWinds Patch Manager—plus a suite of monitoring and management platforms with security baked in, including capabilities for robust endpoint detection and response.