Only 27 percent of respondents block privileged user access to data, a proven method of mitigating insider attacks. Meanwhile, 66 percent of respondents use perimeter-focused network intrusion detection and prevention tools to identify and prevent insider threats, although it is well understood that these tools were designed to protect against external threats, not to detect insider threats.
“The data is clear – IT decision-makers are concerned about insider threats and data breaches, but tend to rely on perimeter and network security focussed tools today, rather than securing the data at its source,” said Jon Oltsik, senior principal analyst at Enterprise Strategy Group. “What this research highlights is that large organisations need a data-centric security strategy. Insider attacks are increasingly difficult to prevent and detect, and the research findings reveal the need for a change in approach.”
The more forward-looking and sophisticated organisations were using technology approaches that are proven protections against malicious insiders, or against malware attacks, such as APTs, that compromise insider credentials, but they were in the minority:
- Only 40 percent are monitoring privileged user activities, with just 27 percent blocking privileged user access
- Nearly half (48 percent) of organisations only review sensitive data access monthly, and a startling 76 percent admit to not being proficient at detecting anomalous data access behaviour in real time
- Network traffic monitoring is the most-used tool to identify and prevent data breaches (56 percent)
- Laptops and desktops are believed to be the biggest threat (49 percent)
- Two thirds (66 percent) use or intend to use Intrusion Detection/Prevention Systems (IDP/IPS) to supplement network traffic monitoring and detect and prevent insider attacks
“It’s clear that organisations of all kinds are concerned with securing access to sensitive data,” said Alan Kessler, CEO of Vormetric. “While many of the respondents are using more of the right security technologies and tools to help reduce their attack surface, a much larger group is falling short in taking the additional step to protect from insider threats and thwart attacks such as APTs that steal insider credentials.”