Thales Blog

From The Horse's Mouth: What We Learned About Insider Threats

October 10, 2013

Screen Shot 2013-10-10 at 1.43.32 PMWhen you're in any industry for awhile, there are obvious truths that you (mistakenly) think everyone understands. With the spectacularly well-covered Edward Snowden/NSA incident a few months ago, I was certain that everyone in enterprise and government IT would understand the magnitude of risk posed by insider threats, and the vital importance of protecting sensitive data. As it turns out, I wasn't even half right.

In some research Vormetric just conducted with Enterprise Strategy Group on the state of insider threats, a whopping 73% of the 700+ IT decision makers responding said that they didn't block privileged user access to sensitive data. (And, yes, our survey was conducted after the Snowden breach was all over the media.) Despite the possibility of rogue administrators and widespread recognition that privileged users are the #1 target for bad actors, organizations still don't have their act together when it comes to data security.

Perhaps that's because the job of securing all that data seems so daunting. In our research, 54% of respondents said they felt insider threats are more difficult to detect than they were 24 months ago. Why? The top three reasons we were given were: 1) cloud computing and virtualization; 2) more employees, contractors and business partners with access to data; and 3) growth in network activity. This definitely jibes with what I hear when I talk to prospective customers; cloud security is a huge concern and organizations of all sizes are searching for the best possible way to make their infrastructure (and those managing it) blind to the data itself.

One odd finding in our research was that spend is still gravitating toward the perimeter, despite overwhelming evidence that perimeter security is failing. The bottom line: 90% of the time, APT breaches involved stolen credentials. There's no question that it's time to start protecting sensitive data at its source.

Happily, a growing number of forward-thinking IT shops are beginning to take a "data-centric" view of security. Our research showed a distinct shift toward data security: a full 56% of the respondents said they use network monitoring tools to detect inside attacks; 40% are now monitoring privileged user activities; and 45% are reviewing sensitive data at least weekly. It's not where we need to be, but it's a promising start.

If you're looking for some practical advice on how to thwart external attackers and reduce the insider threats, take a look at Derek Tumulak's blog post. Or, feel free to visit the Vormetric website for additional information on >combatting insider threats.