Nuix, a security intelligence and information management technology company, had in-depth conversations with chief information security officers and directors from Fortune 500 and Fortune 1000 companies about the dynamic nature of security and how their role is adapting.
Security leaders now have a much more influential seat at the table, partly because of the public nature of breaches and the lack of information security.
The report found that there’s a greater focus on insider threats since the first report was conducted in 2014. 71% of respondents reported that they have an insider threat program or policy, and 14% said that they allocate 40% or more of their budget to insider threats.
“Managing incident response and insider threats has received greater investment in the past year,” said one respondent. “There’s been a shift in allocation toward looking internally, rather than at the perimeter,” added another.
“The findings in this report are of no surprise—they represent the same issues and concerns that we’re advising our customers on every day,” said Keith Lowry, Nuix’s Senior VP of Business Threat Intelligence and Analysis. “First, there’s greater awareness of insider threats thanks to the public profiles of Chelsea Manning and Edward Snowden. It’s also easier to steal information; for example, you can copy key files onto a thumb drive in seconds. And finally, sadly enough, theft of internal records has become culturally more acceptable.”
People were reported to be “almost universally” the biggest weakness in information security, ahead of technology and processes. Of the respondents that reported to have an insider threat or policy, 70% offer employee training to minimize risk. “The company employs intelligence teams that study different aspects of communications, user activity, social media, suspicious activity and other details,” said one respondent.