Rapid growth in the volume of sensitive information combined with new technologies has chipped away the effectiveness of traditional endpoint protections and network perimeter security, according to Vormetric's 2015 Insider Threat Report (ITR). The report, conducted online on its behalf by Harris Poll and in conjunction with analyst firm Ovum in fall 2014, included 818 IT decision makers in various countries, including 408 in the United States. The report details findings around how U.S. and international enterprises perceive security threats, the types of employees considered most dangerous, environments at the greatest risk for data loss and the steps organizations are taking to secure data.
According to the report, while Edward Snowden may be viewed as the “insider threat” poster child, not all employees have malicious intentions. Simply by having access, privileged insiders may unwittingly put data at risk – or be used by an outside actor as a conduit for siphoning data.
The 2015 ITR statistics from U.S. organizations polled includes:
- 93% of U.S. respondents said their organizations were somewhat or more vulnerable to insider threats
- 59% of U.S. respondents believe privileged users pose the most threat to their organizations
- Preventing a data breach is the highest or second highest priority for IT security spending for 54% of respondents’ organizations
- 46% of U.S. respondents believe cloud environments are at the greatest risk for loss of sensitive data in their organization, yet 47% believe databases have the greatest amount of sensitive data at risk
- 44% of U.S. respondents say their organizations had experienced a data breach or failed a compliance audit in the last year
- 34% of U.S. respondents say their organizations are protecting sensitive data because of a breach at a partner or a competitor
“Vormetric’s 2015 Insider Threat report indicates nearly all of U.S. organizations polled perceive a security vacuum and feel quite threatened,” said Andrew Kellett, lead analyst for Ovum and one of the architects behind the report. “As much as we may have hoped to believe it, the Edward Snowden affair was not our data security pinnacle. According to the report, almost half of the U.S. organizations polled experienced a data breach or failed a compliance audit in the past year – which tells us the situation has probably gotten more complicated.”
U.S. attacks have received the lion’s share of attention due to their size and high profiles, but worries about data security are not limited to America. According to the report:
- Despite a rash of data breaches among organizations that were considered compliant, 59% of global respondents found compliance standards to be “very” to “extremely” effective
- 55% of global respondents believe privileged users are the biggest threat. In the U.S., that number is slightly higher, with 59% citing privileged users. And while 46% of U.S. respondents believe partners with internal access pose the second-highest threat, global results point the finger at contractors and service providers
The top 3 reasons for protecting sensitive data among those polled globally are Implementing best practices (38%), Reputation and brand protection (51%) and Compliance requirements (50%)
- 54% of global respondents will increase security spending to offset the threat in the coming year
The current global reality is that more and more data is being stored in various repositories all over the world and more and more players– such as third party service providers and contractors – are being thrown into the mix. Although respondents generally believe compliance standards to be effective, these standards run the gamut from weak to very stringent. Companies can and should go above and beyond compliance and take common sense measures to protect themselves, including:
- Implementing encryption and access controls
- Taking careful stock of which employees should have access to data
- Diligently monitoring data access activities to get ahead of infiltrations before they snowball
here.
The survey results and research report are available from Vormetric and can be found