IT pros are taking action against the insider threat
2015 is set to see a huge rise in the number of IT professionals taking action to address insider threat in their organizations. Currently 56% of IT professionals in the US have an insider threat program already in place, and 78% of those remaining, or 34% of the total, are planning to put one in place this year. A further 6% are planning an insider threat program within five years.
The findings are part of research revealed in IS Decisions’s new report based on a survey of 250 IT professionals in the US and 250 in the UK, the study found that combating insider threat is high on the agenda following a string of high-profile internal security breaches. An average of 37% across the two countries are planning an insider threat program this year.
The research also found that IT professionals are spending more on security in general, with the proportion of IT budgets spent on security increasing by a third in the last year (based on research conducted by IS Decisions in November 2013). In addition, 73% stated that they expect their expenditure to increase further. However, a disproportionately tiny 3.6% of overall IT budget spend currently goes toward internal security issues.
IT professionals in 2015 are planning a combination of tactics to tackle insider threat, with the majority including “technology, tools and data’ (66%), and “organization-wide security training and awareness’ (57%) in their plans.
However, IT professionals are also craving guidance on mitigating insider threat, with 91% believing that industry-wide collaboration is needed and 78% wanting clearer guidelines on tackling the issue.
Fran?Â§ois Amigorena, CEO of IS Decisions, said: “2014 has been dubbed by many as the “year of the breach’. We kept seeing big-name businesses hitting the news as a result of major internal security breaches week after week.
“That has carried over into 2015 to some extent with examples like the US health insurer Anthem. However, it looks like IT professionals are very much taking heed of what they’re seeing, meaning 2015 could be set to be the “year of tackling insider threat’.
“It’s also encouraging to see that IT professionals are not just thinking up hypothetical plans, they are putting their money where their mouths are in allocating budget. But there is a need there for more collaborative help and guidance, which is interesting given insider threat is an organizational issue. Clearly IT professionals are now open to working together to understand how best to address it.”