Report Says Insider Threats on the Rise

Rapid growth in the volume of sensitive information combined with new technologies has chipped away the effectiveness of traditional endpoint protections and network perimeter security, according to Vormetric's 2015 Insider Threat Report (ITR). The report, conducted online on its behalf by Harris Poll and in conjunction with analyst firm Ovum in fall 2014, included 818 IT decision makers in various countries, including 408 in the United States. The report details findings around how U.S. and international enterprises perceive security threats, the types of employees considered most dangerous, environments at the greatest risk for data loss and the steps organizations are taking to secure data.

According to the report, while Edward Snowden may be viewed as the “insider threat” poster child, not all employees have malicious intentions. Simply by having access, privileged insiders may unwittingly put data at risk – or be used by an outside actor as a conduit for siphoning data.

The 2015 ITR statistics from U.S. organizations polled includes:

93% of U.S. respondents said their organizations were somewhat or more vulnerable to insider threats
59% of U.S. respondents believe privileged users pose the most threat to their organizations
Preventing a data breach is the highest or second highest priority for IT security spending for 54% of respondents’ organizations
46% of U.S. respondents believe cloud environments are at the greatest risk for loss of sensitive data in their organization, yet 47% believe databases have the greatest amount of sensitive data at risk
44% of U.S. respondents say their organizations had experienced a data breach or failed a compliance audit in the last year
34% of U.S. respondents say their organizations are protecting sensitive data because of a breach at a partner or a competitor

“Vormetric’s 2015 Insider Threat report indicates nearly all of U.S. organizations polled perceive a security vacuum and feel quite threatened,” said Andrew Kellett, lead analyst for Ovum and one of the architects behind the report. “As much as we may have hoped to believe it, the Edward Snowden affair was not our data security pinnacle. According to the report, almost half of the U.S. organizations polled experienced a data breach or failed a compliance audit in the past year – which tells us the situation has probably gotten more complicated.”

U.S. attacks have received the lion’s share of attention due to their size and high profiles, but worries about data security are not limited to America. According to the report:

Despite a rash of data breaches among organizations that were considered compliant, 59% of global respondents found compliance standards to be “very” to “extremely” effective
55% of global respondents believe privileged users are the biggest threat. In the U.S., that number is slightly higher, with 59% citing privileged users. And while 46% of U.S. respondents believe partners with internal access pose the second-highest threat, global results point the finger at contractors and service providers

The top 3 reasons for protecting sensitive data among those polled globally are Implementing best practices (38%), Reputation and brand protection (51%) and Compliance requirements (50%)

54% of global respondents will increase security spending to offset the threat in the coming year

The current global reality is that more and more data is being stored in various repositories all over the world and more and more players– such as third party service providers and contractors – are being thrown into the mix. Although respondents generally believe compliance standards to be effective, these standards run the gamut from weak to very stringent. Companies can and should go above and beyond compliance and take common sense measures to protect themselves, including:

Implementing encryption and access controls
Taking careful stock of which employees should have access to data
Diligently monitoring data access activities to get ahead of infiltrations before they snowball

The survey results and research report are available from Vormetric and can be found here.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.