Sol Cates | Principal Technologist, Data Protection
As we continue to move on through our Insider Threat special blog series, today’s posting sees us take a look at the first part of our original research into this wide ranging topic. Commissioned through ESG, and announced today, the “The Omnious State of Insider Threats” attempts to uncover the truth behind the issue – looking at insider threats, privileged users and advanced persistent threats (APTs).
What we uncovered through our research is that insider attacks are (unsurprisingly) a problem for organisations, but a problem that is getting worse. In fact, ESG’s research indicates that more than half of the IT and security professionals we surveyed believe that insider threats are more difficult to detect/prevent than they were in 2011. Why? For most, it’s a matter of scale – there are simply more people with access to the network – but for some, with the use of technologies such as cloud computing on the up – thus increasing the potential attack surface area – insider threat detection is becoming all the more difficult.
Given the job roles of the people who we spoke to, and the existing security skills, resources, processes and technologies at their disposal, we were surprised at the high numbers of those who identified that they were vulnerable to an insider attack. Of the 700 IT decision makers surveyed, seven percent believed that they are extremely vulnerable and 39 percent felt vulnerable to insider threats. When pushed further on this point, respondents revealed that they are susceptible to a wide variety of potential vulnerabilities – with privileged access user rights, theft of physical devices and abuse of general access rights topping their vulnerability lists.
Ultimately, the lesson here is clear. The Insider Threat is a problem that is not going to go away and you, our readers, are taking notice. Indeed, 53 percent of all organisations surveyed said that they will increase their information security budgets as a direct response to insider threats, as well as ensuring they invest in additional security controls to better protect sensitive data.
The insider threat is a problem, that as Paul’s last blog post demonstrated, has been around for some time, but now has evolved to take on a broader, more sinister edge. The security landscape has evolved and companies cannot afford to rest on their laurels and do nothing. The time has come to start protecting what matters, and the time is now to start protecting data.
If you want to read more – check out the survey results and research report here. Also, make sure you come back and revisit the blog later this week as we take a closer look at the privileged user and the insider threat. And finally, please share your thoughts on the research with us below!