Top 3 surprising results from the 2015 Vormetric Insider Threat Report

Posted By: Andy Kicklighter, @akicklighter (Twitter)
30 Jan
Categories: Insider Threat

We had a couple of surprising findings come up in the data for the 2015 Vormetric Insider Threat report this year and I thought I’d highlight my top three here.

1 – People aren’t sure what solutions they need to solve the problem.

Insider threats aren’t just traditional employees with access to financial data, critical IP or secrets. They now include a host of partner and service provider employees who also have access to enterprise networks, cloud and SaaS resources. Privileged users have become a primary concern as well, because of the access that their roles provide to system data and resources. And the compromise of all of these accounts by malicious insiders, nation state hackers or cybercriminals out for financial gain has been a core component in almost all of the major data breaches in the last year.

Analysts and industry leaders alike can now regularly be heard to say that it isn’t “If” your organization will be breached by these attacks, it’s only a question of “When”.

With this change to the environment, the tools that many in IT Security have used to safeguard their organizations in the past are less effective than they have been.

  • Anti-Virus – One security consultant I spoke with put the price of unique malware that is undetectable to current AV solutions (a “zero-day” exploit) at less than $5K on black web sites.
  • Firewalls – With the Verizon Data Breach Report putting the “chance of a click” on spear phishing emails at 90%+ after 15 attempts, how useful will your firewall be at keeping a determined attacker out? Sure, firewalls are a baseline security requirement. But don’t expect them to keep a determined attacker out, or to contain one within your network. Internal and application firewalls will slow attackers down, but they won’t solve the problem.
  • DLP – With APT and similar attacks encrypting data before it leaves a system, DLP seems of limited use. It will catch malicious insiders who aren’t savvy, and the careless.
  • Network IDS/IPS – Didn’t stop incursions at Target, Home Depot, JPMC and a host of others.
  • IAM Solutions – Solutions like Active Directory are helpless (without multi-factor authentication) once an insider whose work gives them access to sensitive data “goes rogue”, or once an account is compromised by a malicious outsider. When deployed with multi-factor authentication their effectiveness rapidly increases, but in our survey only 38% of organizations had deployed this.

And yet … we found in the survey that respondents still consider these types of solutions effective, and were investing just as heavily in them to offset the threat as in solutions that will actually help. Here’s what the numbers looked like:

Category | Rated Very or Extremely effective against Insider Threats | Planning to increase spending in this area
Analysis and correlation tools | 68% | 48%
Data-at-rest defenses | 76% | 49%
Data-in-motion defenses | 74% | 47%
End point and mobile device defenses | |
Network defenses | 76% | 42%

So what will actually help the most? – Extended defenses around data-at-rest and data-in-motion.

For data-at-rest this means:

  • Encryption or other obfuscation of sensitive data
  • Controls at the system level, and within applications for who, what, when, where from, and how that data can be accessed
  • And monitoring of the access of legitimate users of the data

The first two combined radically reduce the attack vectors to only those users with legitimate access, effectively putting the data “in a vault” that is only accessible to those that need it. The last allows organizations to keep a watch on those who need access for their work, and flag anomalous behavior that can indicate an attack in progress.
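The access-control and monitoring items above, worked through as an added example (not from the original post and not Vormetric's implementation): each access is checked against who, what, when, where from and how, and accesses that pass are still counted so that unusual volume from a legitimate account is flagged. The policy values, baseline and events are all constructed for illustration.

```python
from collections import Counter
from datetime import datetime
from ipaddress import ip_address, ip_network

# Hypothetical policy for one protected data set (all values are assumptions).
POLICY = {
    "who": {"alice", "bob"},                   # users with a business need
    "what": {"read"},                          # permitted operations
    "when": range(8, 18),                      # permitted hours of the day
    "where_from": ip_network("10.20.0.0/16"),  # permitted source network
    "how": {"billing-app"},                    # approved accessing process
}
BASELINE_READS_PER_DAY = 40  # assumed normal daily volume per user

# Constructed events: (timestamp, user, operation, source IP, process)
DAY = datetime(2015, 1, 30)
EVENTS = (
    [(DAY.replace(hour=9, minute=m), "alice", "read", "10.20.1.5", "billing-app")
     for m in range(3)]
    # A privileged system account copying the files directly at 02:00.
    + [(DAY.replace(hour=2), "root", "read", "10.20.1.9", "cp")]
    # A legitimate account reading far more than usual within policy.
    + [(DAY.replace(hour=14, minute=m), "bob", "read", "10.20.3.7", "billing-app")
       for m in range(60)]
)

def violations(event):
    """Return the policy dimensions the event fails (empty list = allowed)."""
    ts, user, op, src, proc = event
    checks = {
        "who": user in POLICY["who"],
        "what": op in POLICY["what"],
        "when": ts.hour in POLICY["when"],
        "where_from": ip_address(src) in POLICY["where_from"],
        "how": proc in POLICY["how"],
    }
    return [dim for dim, ok in checks.items() if not ok]

def monitor(events):
    """Return (denied accesses, users whose allowed volume exceeds baseline)."""
    denied, volume = [], Counter()
    for ev in events:
        failed = violations(ev)
        if failed:
            denied.append((ev[1], failed))
        else:
            volume[(ev[1], ev[0].date())] += 1
    flagged = sorted({u for (u, _), n in volume.items() if n > BASELINE_READS_PER_DAY})
    return denied, flagged

if __name__ == "__main__":
    print(monitor(EVENTS))
```

Here the privileged account is denied outright, while the over-active legitimate account passes every control and is caught only by the monitoring step.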

2 – How broad the problem is

Globally, 40% of organizations experienced a data breach or failed a compliance audit in the last year. When looking at some specific industry segments, the numbers were even higher. For US retailers and healthcare providers, the number for this question was 48% of respondents. 27% of US financial services organizations specifically noted that they were securing sensitive data because of a past data breach, and another 34% because of a breach at a partner or competitor.

We knew that the numbers were not going to be pretty, but these numbers are yet another indication that organizations just haven’t learned how to cope with the changes yet.

3 – People are getting it – Compliance isn’t the top problem

In our 2013 report data, compliance was by far the biggest driver for IT Security spending increases at 45%. Those citing a data breach at their organization as a driver were only 7% of respondents at the time, and 21% of respondents noted that they were setting increased spending priorities because of a breach at another organization.

This year the results were radically different. The global results show data breach protection as the top concern when setting IT security spending priorities at 50% of organizations followed by protection of Critical IP (44%), Protection of Financial and other Assets (41%), and with compliance now bringing up the rear at 32%. There were some global variations … with critical IP scoring third in the US behind protection of financial and other assets, for instance … but compliance was either last or tied for last in all cases.

Written by Andy Kicklighter

Andy Kicklighter is an enterprise software product management, product marketing and marketing communications leader with deep expertise in IT Security, IT infrastructure, IT Services and Cloud. Presently responsible for PR, Social and Solutions marketing for Vormetric, Kicklighter brings over 25 years of experience to his role, and was previously responsible for bringing to market data center and cloud-based tools and services for six start ups, as well as more established companies including CA Technologies, Sun Microsystems and Adobe Systems. @akicklighter – Twitter