It is the first day of Infosecurity Europe – Europe’s largest information security event that sees some 13,000 visitors from 70 different countries cross the tradeshow floor each year – and, it’s safe to say already that the Insider Threat is set to be one of the hottest talking points at this year’s show. This should come as little surprise since our recent report with Ovum into the scale of the problem across Europe that gave us an unsettling insight into how organisations in the region are still very much struggling to get a handle on the risk posed by privileged users and those ‘on the inside’.
To add further weight to this, the recently released Verizon report found that – of the nine patterns that lead to a breach, insider and privilege misuse came out on top, seen in 12,000 of the 63,000 incidents analysed. To better understand the real challenges that are being faced, we dug a little deeper into the study – this time putting the views of IT decision-makers at European financial organisations (one of the most vulnerable industry sectors) under the microscope.
Echoing the sentiments of the wider study, the financial sector is also finding insider threats harder to detect, with just over half of the respondents claiming it was easier to spot incidents of malicious insider activity last year than it is now. What’s interesting though, is how third party contractors are exacerbating the risk. As mentioned in a previous post, the definition of a ‘privileged user’ has changed massively in recent times – to encompass anybody with the necessary credentials to view and modify data across corporate networks, including contactors. What is perhaps one of the clearest examples of abuse of these rights was seen at the Korean Credit Bureau a few months ago, where the data of almost 20 million nationals was stolen by a third party contractor (who was, somewhat ironically, hired to improve network security). The data was downloaded to a USB stick and shipped out of the organisation without sounding a single alarm bell. As the number of high-profile instances such as this increases, it’s no wonder 55 percent of those in the financial sector see contactors as the biggest threat to data security.
Cloud also emerged as a rising cause of concern, with just under half of the respondents claiming the use of cloud resources made it even harder to detect insider threats. This presents something of a conundrum for those in the financial sector, as cloud computing plays such a significant – and growing – role in their working lives. These organisations have used cloud technologies to increase flexibility and gain a competitive edge for a very long time now, and with the pace of today’s technological advancement, security should no longer be an inhibitor to adoption. As cloud providers bolster their defences to meet enterprise security needs, it has become possible to embrace new IT models such as cloud computing without comprising the integrity of the data that you hold. As mentioned previously, it is our vision here at Vormetric that our technology will be used to secure services such as these and enable more organisations to benefit from the economic benefits and increased agility that the cloud can offer.
There is absolutely no doubt that financial services organisations need to be more cautious when it comes to data security – as they, arguably, have more to lose in terms of both financial and reputational damage if something goes wrong. However, when we repeat this study in a year or so, I would like to see a drop in the number of those concerned about insider threats, as we are striving to build the confidence (backed by robust encryption technology) that is needed to feel secure against this type of attack. After all, insiders are primarily after the data that you hold – and here at Vormetric, that is exactly what we are defending. The data.
Paul Ayers, VP EMEA, Vormetric