The SANS 2015 Survey on Insider Threats recently found that while 74 percent of the 772 IT security professionals surveyed said they’re concerned about insider threats from negligent or malicious employees, 32 percent said they have no ability to prevent an insider breach, and 28 percent said insider threat detection and prevention isn’t a priority in their organizations.
The survey, sponsored by SpectorSoft and conducted by the SANS Institute in December 2014 and January 2015, also found that 44 percent of respondents said they don’t know how much they currently spend on solutions to mitigate insider threats, and 45 percent said they don’t know how much they plan to spend on such solutions in the next 12 months.
While 69 percent of respondents said they currently have an incident response plan in place, more than half of those respondents said that plan has no special provisions for insider threats.
More than 52 percent of survey respondents said they didn’t know what their losses might amount to in the case of an insider breach.
“While it’s good to see that a strong majority of security professionals are concerned about the dangers posed by insider threats, I was struck by the fact that investment in solutions that can help does not appear to be keeping pace with that concern,” SpectorSoft COO Mike Tierney said in a statement. “I believe a key action item called out by the survey data is that increased focus on, and investment in, addressing the concerns is required.”
Separately, the 2015 Vormetric Insider Threat Report found that 92 percent of 102 U.S.-based healthcare IT decision makers surveyed said their organizations are either “somewhat” or more vulnerable to insider threats — and fully 49 percent felt “very” or “extremely” vulnerable to insider threats.
The survey, conducted by Harris Poll on Vormetric‘s behalf in the fall of 2014, also found that 48 percent of healthcare organizations experienced a data breach or failed a compliance audit in the past year.
Fully 63 percent of healthcare IT decision makers said their organizations are planning to increase spending to offset data threats.
“Healthcare data has become one of the most desirable commodities for sale on black market sites, yet U.S. healthcare organizations are failing to secure that data,” Vormetric CEO Alan Kessler said in a statement. “An overreliance on compliance requirements and a cursory nod to data protection point to systemic failures that are putting patient data at risk.”
And a recent survey of credit unions, conducted by Awareness Technologies in partnership with CUNA Strategic Services, found that 77 percent of respondents don’t believe or are unsure if they have complete protection regarding internal data threats.
Eighty-three percent of credit unions surveyed said their biggest concern regarding insider threats is confidential information being transferred to unauthorized recipients, while another 52 percent said they’re worried about sensitive data being transferred using removable media.
“The demand for insider threat protection is growing, but it’s often an expensive and demanding process,” Awareness Technologies vice president of corporate marketing Michael Goldberg said in a statement.