A survey stating that organizations experience nearlyfour insiderthreats per year, and reports of card fraud taking placeover at least two months at Hershey Properties theme park inHershey, Pa., have set off the latest round of cybersecurityalarms.

The Vero Beach, Fla.-based behavior analysis software vendorSpectorSoft released results of its “Insider Threat Report,” acrowd-based research project done in cooperation with the260,000-plus member Information Security Community on LinkedIn andCrowd Research Partners.

The report found that if respondents were willing to admit theysuffered an insider attack, the average number reported was 3.8incidents per organization per year, and a majority of securityprofessionals (62%) saw a rise in insider attacks over the last 12months.

According to the survey, the overall average cost of remediatinga successful insider attack is around $445,000. With an averagerisk of 3.8 insider attacks per year, the total remediation cost ofinsider attacks can quickly run into the millions of dollars.

Organizations overwhelmingly maintained that data loss was theirtop concern regarding insider threats. When asked which types ofinsider attacks were most concerning, 63% of respondents said dataleaks, 57% said inadvertent data breaches and 53% said maliciousdata breaches.

Sixty-two percent of respondents found it more difficult todetect internal threats than external threats, while 38% couldn'tdetermine which type of threat was most difficult to detect. Whenit comes to threat monitoring, 75% of companies monitored thesecurity controls of their applications, 60% monitored a majorityof all of their key IT assets, while only 21% continuouslymonitored user behavior taking place on their networks.

“The survey and report called out a rise in insider threats, thedifficulty in detecting them and the significant costs in cleaningup after a successful insider attack,” Mike Tierney, COO forSpectorSoft, said. “Companies need the ability to detect foranomalies in user behavior to make sure they are aware of thethreats that exist within their organizations, because insiderswill deviate from their normal behavior patterns when planning andexecuting an attack.”

Several financial institutions revealed about a pattern offraudulent charges on customer cards that trace back to avariety of Hershey theme park locations, including food andbeverage outlets, ticketing stations and the Hershey Lodge. Thefraud was first reported by KrebsOnSecurity.

“We have received reports from some of our guests that fraudcharges appeared on their payment cards after they visited ourproperty,” Kathleen McGraw, director of communications for HersheyEntertainment and Resorts Company, said.

“We take reports like this very seriously,” McGraw continued.“While our company does have security measures in place designed toprevent unauthorized access to our network, we immediately began toinvestigate our system for signs of an issue and engaged anexternal computer security firm to assist us. The investigation isongoing.”

Kevin Watson, CEO at the Houston-based Netsurion, a securitycompany that protects small business' payments and data, listedcommon mistakes that lead to retail/hospitality credit cardbreaches.

Errors companies make include failure to protect incomingInternet traffic, control outbound Internet traffic, adequatelyprotect on-premise Wi-Fi, use two-factor authentication, updateanti-malware software and patch all operating systems promptly, hesaid.

“Almost every major breach in the last 24 months failed toincorporate at least one of these measures,” Watson said. “Asbreach attacks intensify, no business is immune from increasinglysophisticated cybercriminals who see them as lucrative targets orthe weak link into an even more strategic target.”

He explained, “There is a growing trend for hospitalitybusinesses to outsource network and on-premise Wi-Fi securityservices, taking the burden off their hands and allowing them tofocus on the core business of providing customers with exceptionaldining, lodging, event and travel experiences.”