Thales Blog

Lessons Learned: Insider Threat Research

October 24, 2013

Tina Stewart | VP, Global Market Strategy

After some intense efforts over the last two months, we’re wrapping up the results of our insider threat research. Our research results had two focal points:

  1. What concerns IT decision-makers had around insider threats and data breaches (this included topics such as cloud security, data security, APTs and the rights of the privileged user).
  2. What those same IT decision-makers are doing to ensure their organizations don’t fall prey to insider threats and data breaches.

My last blog post focused on our first round of research, and after collating and presenting the data (along with our research partner Enterprise Strategy Group) to the world, today, I’d like to talk a bit about Vormetric’s take on what these results should mean to security professionals and some of the key takeaways that the media found interesting.

First, the Vormetric perspective. The broader message that we at Vormetric think needs to be taken from this survey is that the security posture of most organizations is fundamentally flawed when it comes to insider threats. The research shows that organizations are heavily invested in traditional perimeter and endpoint security technology solutions: IDS/IPS, identity management, network firewalls, anti-virus and so on. These are valuable security solutions, but they have only minor roles in protecting against insider threats from employees, contractors, and Advanced Persistent Threat (APT) type malware that has penetrated the perimeter. The only solution to the problem is to put protections for data directly around the data.

We did find that a minority of organizations have received and acted on this message – 27% were controlling access to data by privileged users and 46% were checking data access patterns at least monthly. But these are a distinct minority.

Our call to action from these results? We all need to think harder about how we allocate our scarce security resources. No matter what solution organizations select to lock down access to data (while making sure not to bring operations to a grinding halt) and to monitor constantly for changes to access patterns that indicate a threat, security resource spend and focus need to be adjusted to meet today’s realities.

Media reports, on the other hand, tended to focus on the specific areas they found most interesting. Not surprisingly, the media was interested in hearing how enterprises are changing their approach toward data security in a post-Snowden era. IDG (for one) reported that 45 percent of our survey respondents had changed their views on insider threats since Snowden’s disclosures.

For Vormetric, this confirms thinking we’ve had for some time: the Snowden disclosures have fundamentally changed the way that organizations are thinking about data security.

A fair number of other media outlets (from CBR and The Guardian to Tom’s IT PRO) keyed in on the fact that 73 percent of IT decision-makers aren’t blocking user access to sensitive data. They focused on the message that organizations aren’t doing what’s needed to protect against the dangers posed by the privileged user. Our CEO Alan Kessler explained this problem with a great analogy about the postal service: postal workers do not need to open the envelope in order to deliver our mail.

There were also a couple of rather in-depth pieces from eWeek and CSO on our second round of research. They saw how clearly the results pointed to the ever-growing need for data-centric security.