We had a couple of surprising findings come up in the data for the 2015 Vormetric Insider Threat report this year and I thought I’d highlight my top three here.
1 – People aren’t sure what solutions they need to solve the problem.
Insider threats aren’t just traditional employees with access to financial data, critical IP or secrets. They now include a host of partners and service provider employees that also have access to enterprise networks, cloud and SaaS resources. Privileged users have become a primary concern as well with the access that their roles provide to system data and resources. And the compromise of all of these accounts by either malicious insiders, nation state hackers or cybercriminals out for financial gain has been a core component in almost all of the major data breaches in the last year.
Analysts and industry leaders alike can now regularly be heard to say that it isn’t “If” your organization will be breached by these attacks, it’s only a question of “When”.
With this change to the environment, the tools that many in IT Security have used to safeguard their organizations in the past are less effective than they have been.
And yet … We found in the survey that respondents still think these types of solutions to be effective and were investing just as heavily in them to offset the threat as in solutions that will actually help. Here’s what the numbers looked like:
Rated Very or Extremely
|Planning to increase
spending in this area
|Analysis and correlation tools||68%||48%|
|End point and mobile
So what will actually help the most? – Extended defenses around data-at-rest and data-in-motion.
For data-at-rest this means:
The first two combined radically reduce the attack vectors to only those users with legitimate access, effectively putting the data “in a vault” that is only accessible to those that need it. The last lets allows organizations to keep a watch on those with who need access for their work, and flag anomalous behavior that can indicate an attack in progress.
2 – How broad the problem is
Globally, 40% of organizations that experienced a data breach or failed a compliance audit in the last year. When looking at some specific industry segments, the numbers were even higher. US – Retailers and Healthcare provider numbers for this question were at 48% of respondents. 27% of US financial services organizations specifically noted that they were securing sensitive data because of a past data breach , and another 34% because of a breach at a partner or competitor.
We knew that the numbers were not going to be pretty, but these numbers are yet another indication that organization’s just haven’t learned how to cope with the changes yet.
3 – People are getting it – Compliance isn’t the top problem
In our 2013 report data, compliance was by far the biggest driver for IT Security spending increases at 45%. Those citing a data breach at their organization as a driver were only 7% of respondents at the time, and 21% of respondents noted that they were setting increased spending priorities because of a breach at another organization.
This year the results were radically different. The global results show data breach protection as the top concern when setting IT security spending priorities at 50% of organizations followed by protection of Critical IP (44%), Protection of Financial and other Assets (41%), and with compliance now bringing up the rear at 32%. There were some global variations … with critical IP scoring third in the US behind protection of financial and other assets, for instance … but compliance was either last or tied for last in all cases.