Insider threat: A crack in the organization wall
Vormetric announced the European findings of a survey conducted by Harris Poll in fall 2014 among 818 enterprise IT decision makers (ITDMs) in various countries, including 204 in the UK and Germany.
The research uncovered that 54 percent of the German and UK respondents believe that privileged users (system administrators, database administrators, network administrators, etc.) pose the biggest risk to their organization.
Only 13 percent said that their organizations were not at all vulnerable to insider threats – a slight improvement on the nine percent that said they felt safe last year, but still leaving 87 percent feeling vulnerable.
“Time and again we’ve seen that organizations of all sizes and in all industries can fall victim to insider threats, so we regard the view of the 13% of respondents who do not feel vulnerable as badly informed at best and grossly negligent at worst,” said Mohan Koo, CEO at Dtex Systems. “Our own experience shows that over a third of our customers discover something meriting investigation – such as felony activity or theft of sensitive data – within a few months of monitoring for insider threats.”
The insider threat is multi-faceted and does not only relate to the deliberate theft of data. If systems are not appropriately secured, employees can also inadvertently put sensitive company information at risk.
In addition, modern cyber attacks frequently rely on hijacking log-in credentials of unsuspecting users, often targeting ‘privileged users’ who have the greatest levels of network access. Cybercriminals then use these credentials to log-in and appear as legitimate users so that they can steal data undetected.
Muddu Sudhakar, CEO of Caspida, told Help Net Security that organizations need to plan and operate assuming Snowden-like data breaches will be planned and executed by employees, contractors, administrators, customers, and partners. “To defend against insider threats, organizations need to implement proactive security and threat detection strategies and solutions that uncover potential threats before they obtain access to corporate data. This includes investing in continuous and 24/7 threat detection and monitoring solutions that can scan for anomalies in user, application, resources and data activity that will enable administrators to detect patterns of suspicious behavior and help predict potential areas of new threats,” Sudhakar added.
- 54 percent of IT decision-makers in European enterprises placed privileged users as the highest risk group when considering their data protection requirements. Contractors, service providers, and business partners were also seen as possible risks.
- Although 51 percent of UK respondents and 44 percent of German respondents are increasing spending to offset threats to data, this lags behind 62 percent in the US
- Only 13 percent of IT decision-makers in European enterprises identified that they were not at all vulnerable to insider threats
- 40 percent of UK respondents reported that their organizations have encountered a data breach or failed a compliance audit in the last 12 months
- Compliance was identified by respondents as still the top reason for securing sensitive data in Europe (56 percent), but reputation and brand protection are close behind (54 percent)
- Top European IT security spending priorities identified by respondents were protection of Intellectual Property (52 percent) and preventing a data breach incident (48 percent).
Todd Thibodeaux, President and CEO, CompTIA, believes that the fact that nearly nine in 10 organizations in the Vormetric survey feel vulnerable to insider threats reflects the reality of today’s cybersecurity landscape. “Businesses consistently rate human error as the leading contributor to security breaches. As SMBs become more sensitive to security issues, they will also see some of the problems caused by inexperience and carelessness among the workforce.”