According to Vormetric’s 2015 Insider Threat Report, which is based on a survey recently conducted by Harris Poll, fully 93 percent of U.S. IT decision makers feel their organizations are somewhat or more vulnerable to insider threats.
The survey also found that preventing a data breach is the highest or second highest priority for IT security spending for 54 percent of respondents’ organizations, and that 59 percent of U.S. respondents believe privileged users pose the greatest threat to their organizations.
“The topic of insider threats has long been an area of focus and concern,” Eric Guerrino, executive vice president of the Financial Service Information Sharing and Analysis Center (FS-ISAC), said in a statement. “Cyber threats that compromise insider credentials and traditional insider risks have played a part in many of the recent data breaches around the world.”
Forty-six percent of U.S. respondents believe cloud environments are at the greatest risk for loss of sensitive data in their organizations, and 34 percent of U.S. respondents say their organizations are protecting sensitive data because of a breach at a partner or competitor.
And while percent of U.S. respondents said their organizations experienced a data breach or failed a compliance audit in the past year, 59 percent of global respondents found compliance standards to be “very” to “extremely” effective.
“As the past year demonstrates, these threats are real and need to be addressed,” Vormetric CEO Alan Kessler said in a statement. “Organizations wishing to protect themselves must do more than take a data-centric approach; they must take a data-first approach.”
“Although we are heartened that 92 percent of organizations plan to maintain or increase their security spending in the coming year, our larger concern is about how they plan to spend that money,” Kessler added. “The results indicate there is still disagreement about where corporate data which is most at risk actually resides. Our experience, observations and conversations with customers have taught us that even if the situation isn’t entirely black and white, organizations’ use of encryption, access controls and data access monitoring greatly reduce their risk and exposure.”
The Vormetric 2015 Insider Threat Report offers the following five recommendations for implementing an effective insider threat strategy:
- Because point-based security solutions are already failing to detect advanced attacks using employee credentials and data theft by legitimate users, a layered defense combining traditional as well as advanced data protection techniques is the path forward.
- Data protection initiatives need to follow the data — protecting data at rest wherever it resides. For most organizations, this will involve protecting data held in both traditional environments (on-premise databases and servers) as well as newer big data applications and data used in public, private and hybrid cloud implementations.
- Companies should integrate data-at-rest encryption technology that minimizes operational impact and that works with strong access controls and key management for all important data sources.
- Implementing integrated data monitoring and technologies such as security information and event management (SIEM) systems to identify data usage and unusual and malicious access patterns is critical to maximizing security.
- To keep the whole organization safe, companies must develop an integrated data security strategy that includes monitoring, relevant access control, and levels of data protection, and leaves security to the CISO, not the boardroom.
A separate survey of 200 federal government IT and IT security decision makers conducted in December 2014 by Market Connections in conjunction with SolarWinds found that 53 percent of respondents believe careless and untrained insiders pose the greatest IT security threat to their agencies, up significantly from 42 percent a year earlier.
Sixty-four percent said malicious insider threats are as damaging as or more damaging than malicious external threats, and 57 percent said breaches caused by accidental or careless insiders are as damaging as or more damaging than those caused by malicious insiders.
Still, while 69 percent of respondents reported increased investment over the past two years to combat malicious external threats, only 46 percent had done so for malicious insider threats, and only 44 percent had done so for accidental insider threats.
“Interestingly, we have positioned ourselves relatively strongly against external threats, but it is the accidental or malicious insider threat which has caused us more problems,” a director of operations at the Defense Contract Management Agency said in a statement. “People do what they want to do, and there are so many people (particularly younger) who view security as interference and also have some skills to successfully work around security protocols.”
