In this post-Snowden era, we all know that insider threats are becoming a major concern for businesses globally. But a recent report from encryption vendor Vormetric and analyst firm Ovum revealed some eye-opening concerns of the 800 senior business managers and IT professionals they surveyed.
"As large-scale breaches, APTs, and Snowden-related discussions dominate the news cycle, it is clear that insider threats are among the most prominent IT security issues facing organizations today, a feeling which is reflected within the findings of our report," said Andrew Kellett, lead analyst for the Ovum IT Security team. "From the data, it's clear that organizations are also struggling with new technologies like cloud, mobile and big data as they seek to protect themselves from insider threats."
89% felt that their organisation was more at risk from an insider attack. This is most likely related to the large number of breaches we’ve seen during the last year with insiders and third parties being responsible for most of the high profile ones. Where there is a marked changed is in the attitude towards administrators of IT infrastructure who have traditionally had open access to systems.
A significant 55% believe that the greatest risk of an insider attack comes from these privileged users. It’s most likely that this is not just due to the fact that they have access but also that these kinds of users have the expertise to be able to exploit that advantage if they wanted to.
According to the report, here are the top three categories of concern from an insider breach:
- Privileged users (55%)
- Third party contractors and service providers (46%)
- External business partners with network access (43%)
Ovum recommends that all user groups with internal access to business systems should be monitored and the access to corporate data they have should be appropriate and no more than they need to fulfil their specific roles. Currently only 58% of organizations have technology in place that allows them to control privileged users and only 56% monitor and audit privileged user activities, so clearly more still needs to be done.