Why insider threat is thriving

In the past few years, rapid growth in the volume of sensitive information combined with new technologies has chipped away at the effectiveness of traditional endpoint protections and network perimeter security. In tandem come warranted concerns about the number and types of employees who have access to sensitive data. Simply by having access, privileged insiders may unwittingly put data at risk – or be used by an outside actor as a conduit for siphoning data.

A new insider threat report by Vormetric, carried out in the fall of 2014 among 818 IT decision makers in various countries, found the following:

  • 93% of U.S. respondents said their organizations were somewhat or more vulnerable to insider threats
  • 59% of U.S. respondents believe privileged users pose the biggest threat to their organization
  • Preventing a data breach is the highest or second highest priority for IT security spending for 54% of respondents’ organizations
  • 46% of U.S. respondents believe cloud environments are at the greatest risk for loss of sensitive data in their organization, yet 47% believe databases have the greatest amount of sensitive data at risk
  • 44% of U.S. respondents say their organization had experienced a data breach or failed a compliance audit in the last year
  • 34% of U.S. respondents say their organizations are protecting sensitive data because of a breach at a partner or a competitor.

In 2014, the U.S. saw some of the worst data breaches in recent memory with household names Sony, Home Depot, J.P. Morgan Chase and Supervalu experiencing massive financial and reputational blows due to cyber-attacks. According to the Identity Theft Resource Center, over 700 data breaches occurred in 2014 alone, up from 614 in 2013. With these breaches have also come associated legal ramifications and public soul-searching by senior management and board level executives about where to place the blame.

“As the past year demonstrates, these threats are real and need to be addressed,” said Alan Kessler, CEO for Vormetric. “Organizations wishing to protect themselves must do more than take a data-centric approach; they must take a data-first approach. Although we are heartened that 92% of organizations plan to maintain or increase their security spending in the coming year, our larger concern is about how they plan to spend that money. The results indicate there is still disagreement about where corporate data, which is most at risk, actually resides. Our experience, observations and conversations with customers have taught us that even if the situation isn’t entirely black and white, organizations’ use of encryption, access controls and data access monitoring greatly reduce their risk and exposure.”

U.S. attacks have received the lion’s share of attention due to their size and high profiles, but worries about data security are not limited to America. According to the report:

  • Despite a rash of data breaches among organizations that were considered compliant, 59% of global respondents found compliance standards to be “very” to “extremely” effective
  • 55% of global respondents believe privileged users are the biggest threat. In the U.S., that number is slightly higher, with 59% citing privileged users. And while 46% of U.S. respondents believe partners with internal access pose the second-highest threat, global results point the finger at contractors and service providers
  • 54% of global respondents will increase security spending to offset the threat in the coming year.

The current global reality is that more and more data is being stored in various repositories all over the world and more and more players – such as third party service providers and contractors – are being thrown into the mix. Although respondents generally believe compliance standards to be effective, these standards run the gamut from weak to very stringent. Companies can and should go above and beyond compliance and take common sense measures to protect themselves, including:

  • Implementing encryption and access controls
  • Taking careful stock of which employees should have access to data
  • Diligently monitoring data access activities to get ahead of infiltrations before they snowball.