Thales Blog

Ovum Insider Threat Report Shows That European Organisations Are Still Struggling To Defend Their Data

April 3, 2014

While we’ve since learned it was a relatively unsophisticated attack, the Target data breach remains anchored in the headlines and, thanks to the more recent security breach reported at giant grocery chain Morrisons in the UK, we can’t get away from the risk posed to business by the ‘Insider Threat’. Events of the last few months have thrust the dangers of privileged user abuse into the spotlight. However, while these security incidents do vary in terms of scale and impact, they all point to the fact that businesses are still struggling to defend their resources from those legitimately within the perimeter.

Hot on the heels of our last study with the Enterprise Strategy Group, Vormetric has just announced the findings of a report into the scale of the Insider Threat across Europe – and, given the aforementioned high-profile examples, the results were surprising to say the least. What struck me most about this piece of research from Ovum was the fact that despite the growing frequency of these incidents and a clear growth in awareness of the matter, organisations are challenged when it comes to containing this very real attack vector. As an example, almost half of the 500 IT decision makers reported that insider threats have become more difficult to detect, and are concerned about the things that their own users can do with sensitive data. Unsurprisingly, a mere 9% felt safe from insider threats – with that number falling to just 6% in the UK.

Part of the complexity stems from the changing nature and definition of a ‘privileged user’. What was once a traditional insider with legitimate access rights has now become almost anybody with credentials to view and modify data across corporate networks – think contractors, system engineers and network maintenance guys, for instance. In addition, as well-funded cybercriminals increase in sophistication, and rarely lack in determination, a further threat comes from privileged user accounts being compromised. Once hijacked, these access credentials can be used as a way for outside hackers to infiltrate lucrative corporate networks. Done with such stealth, and lying undiscovered for long periods of time, it’s no wonder that so many people seem daunted at the prospect of managing this multi-faceted risk.

I realise that this paints a somewhat bleak picture of the European IT security landscape, but luckily it’s not all bad. The silver lining here is that around two thirds of our survey respondents are taking steps to address insider threats by increasing IT security spend as a direct response to the risk. We’ve said it time and time again, but the only way to defend your most critical assets as threat actors begin to target the real treasure troves within organisations – the server level – is to take a data centric approach to security. This must involve implementing encryption and access policies to limit exposure, and the ability to monitor access to identify anomalous user activity. As more organisations begin to target their security spend in that direction, we may see an increased number of respondents feeling more secure about the insider threat the next time around.

On the other side of the coin, the above cannot be seen in a vacuum – as reports of data breaches escalate, data protection mandates are being rewritten to include some teeth – like the proposed penalty of fines of five percent of annual global revenue for those that fail to adequately protect the data they hold in their care. Furthermore, encryption is increasingly being incorporated as a key feature of these regulatory initiatives – pushing the practice well beyond the realms of simply satisfying compliance obligations and into the space of industry-standard best practice.

Another interesting point of the research to call out is that European customers are concerned about data security when it comes to working with contractors and hosting information in the cloud. Yet, the economic benefit of these IT architectures and approaches are too good to miss out on. It is our vision, our goal, that our technology be used to enable businesses to embrace these transformative IT models while ensuring information and data is secure. This is what we strive to achieve every day.

In the past, integrating encryption into an existing IT infrastructure was not synonymous with “easy.” Fortunately, thanks to advances in how encryption is designed, the technology is now transparent, efficient, cost-effective and, dare I say, simple. Now, rather than security being something deemed to be expensive, intrusive and complex, encryption is now a catalyst to enable business, governments and educational institutions alike to achieve their internal objectives, brace themselves for coming legislation and meet the needs of their “customers.”

Alan Kessler, CEO of Vormetric