The study of mid-market and enterprise organizations indicates that 54 percent believe it is more difficult to detect and prevent insider attacks today than it was in 2011. Additionally, 46 percent say they are vulnerable to an insider threat attack – in spite of their existing security skills, resources, processes, and technologies.
“This survey focused on IT concerns around Insider Threats and the IT, security and business professionals surveyed had direct knowledge and responsibilities in this area,” said Jon Oltsik, Senior Principal Analyst at Enterprise Strategy Group. “While APTs and advanced malware attacks continue in the headlines, the ESG research indicates that organizations remain vulnerable to numerous insider threat vectors. This situation must be addressed as it creates an unacceptable level of IT and business risk.”
Abuse of Privileged User rights by employees was a primary concern – with 63 percent responding that they were vulnerable to abuse of privileged user rights by employees.
Cloud security concerns (35 percent), network expansion (36 percent) and APTs that compromise insider credentials (27 percent) head the list of recent changes in IT environments that fuel the perceived expansion in risk from insiders.
Many are taking action – over half (53 percent) are increasing security budgets due to Insider Threats and plan to invest that budget in security controls to counteract those threats. This readiness to take action may be related to the acts of Edward Snowden as the research indicates that 45 percent of organisations have changed their views on insider threats since his disclosures were first reported in the media. This may also explain why third party contractors face increasing scrutiny. Nearly half of all survey respondents (48 percent) believe those third parties pose an insider threat and 58% admit to feeling vulnerable to those contractors abusing access rights.
“The results from this survey highlight the greatly increased concerns organisations have around their valuable data due to recent events, shifts in IT technologies, and the rapid escalation of security threats,” said Alan Kessler, CEO for Vormetric. “Decision-makers are in need of solutions that protect information by securing the data itself, rather than solely the path to that data.”
The complete results are available here (registration required).