Balancing the Sharing of Information

CyberSecurity Journal

Subscribe to CyberSecurity Journal: eMailAlertsEmail Alerts newslettersWeekly Newsletters
Get CyberSecurity Journal: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn

Security Authors: Ambuj Kumar, Shelly Palmer, Slavik Markovich, Elizabeth White, Greg Ness

Related Topics: Cloud Computing, Security Journal, CyberSecurity Journal

Blog Feed Post

It’s All ‘Bout That Access, ‘Bout That Access By @Vormetric [#Cloud]

2015 Insider Threat Report Takeaways

2015 ITR results

It's all ‘Bout That Access, ‘Bout That Access, ‘Bout That Access - 2015 Insider Threat Report Takeaways

While a year ago the big breach of the day involved likes of Target, now the breach landscape – which was once about financial gain – has exploded. It’s exploded to a world of state-sponsored attacks, of hackers getting more intelligent and of political organizations cyber-attacking alongside using physical force. Today we issued our 2015 Vormetric Insider Threat report. Coming off of the Sony breach and Obama’s State of the Union address, we can’t think of a better time to deliver a report that provides so much insight into where the cyber security industry stands. Here’s one stat that really stands out:

Despite this unsettling news, results from our 2015 Vormetric Insider Threat Report show that insider threat awareness levels have increased:

  • 55% of respondents globally (59% in the US) believe privileged users pose the most threat to their organization
  • Almost half (44%) of U.S. respondents had experienced a data breach or failed a compliance audit in the last year (40% of respondents Global, and 48% in ASEAN)
  • 89% of Global respondents said they were somewhat or more vulnerable to insider threat – almost 2X the number in 2013 (In the US the number was higher – 93%)

Stolen Credentials, Inappropriate Access, and Third-Party Providers
In an earlier blog post
, Alan Kessler, our CEO, dismissed traditional thinking that malicious insiders are the biggest risk to data. While Edward Snowden may be considered the “insider threat” poster child, Alan pointed out that not all employees have malicious intentions.

With insider threats defined as everyday employees and managers, privileged users and the compromise of employee and privileged user credentials, it’s worth spending a few minutes looking at privileged users. These include high-level computer operators who often have powerful, privileged access rights. Some of the roles on a computer network that they work in include – Linux/Unix root users, network domain administrators and system administrators. While Edward Snowden may come to mind as THE insider threat poster child (and also a privileged user), offenders can range from malicious to accidental (sometimes it is as simple as clicking a link) that put data at risk. As Sony demonstrated, protecting data is not to be taken lightly.

The insider threat landscape is becoming increasingly difficult to deal with as insiders move beyond employees who have access to corporate data. Add to the mix business partners, suppliers, contractors and third-party service providers who have access to your network or cloud resources (including privileged access in many cases) – suddenly security requires a completely different formula. Unless proper control systems are put in place, these third parties often have the ability to steal unprotected data from corporate networks.

The Spectrum of Insider Threats

The Un-Fairytale-Like Ending to Insider Threats
Once upon a time, systems administrators and business users had privileged access to the most sensitive corporate data, with few access controls. Although that’s started to change, our report indicates that even today only half of all business organizations have deployed privileged access/identity management technologies. The difference between now and then? Organizations now understand the irreparable damage that a user with administrative rights can cause.

In the case of Sony, nation state hackers illegitimately accessed a privileged user’s credentials and orchestrated the high profile data breach. Results included leaked data, Sony’s entire system getting compromised and a temporarily canceled movie release. Rumors include that they were back to pencil and paper for at least a week.

The Fear Is Real
To us, the results as outlined in the report indicate that global enterprises are scared – with 89 percent of organizations globally feeling somewhat or more vulnerable to Insider threats. It’s an unsecure world out there and someone (or rather some organizations) will get hurt. Companies like Home Depot, JP Morgan, Sony and many others still grappling with breach ramifications can attest to this.

And while our report found that increased spending is a priority, most organizations don’t know how to allocate those funds. Respondents reported that spending increases were planned to be almost evenly spread across network, end-point and data security related defenses. Partially this is the fault of the IT Security industry. With many vendors continuing to pitch defenses like firewalls that have proven to be porous to today’s attacks as “the best defense against a data breach” it’s no wonder that enterprise leaders are confused.

More than Compliance – Data Breach Protection Must Become the Number One Priority
Compliance has often been seen as the top priority for organizations. This has enabled organizations to put little thought into their enterprise security initiatives. However, as history has shown, being able to click the compliance check box does not mean a company is safe from insider threats.

Our 2015 Insider Threat report showed data breach prevention overtaking compliance as a top priority for organizations when they are looking at allocating IT Security spending. Preventing data breaches, contractual requirements, and protecting intellectual property all scored better than in our previous survey and “achieving compliance” dropped down the priority list.

Bring on the Spending
Our 2015 Insider Threat Report global results found that only 7 percent of organizations believe they will be in a position to spend less on data protection and information security this year than last year. No offense to that 7 percent, but we’re not so sure about that.

The global survey results show that 54 percent of respondents plan to increase their security spend to deal with insider threats next year and the remaining 39 percent will be spending at least as much as they are now.

It’s Really all About that Solution
The number and size of insider breaches continues to rise year on year. However, outside the US, where almost all data breaches have to legally be reported and in turn acted upon, the numbers represent only a portion of the breaches that often remain unreported.

While product performance is an important priority, keeping company data safe takes precedence. Ultimately, controls that maintain the right levels of accessibility (and no more) are paramount as enterprise organizations strive to maintain control. While achieving and maintaining compliance is a nice goal to have, far too many compliant organizations have been breached.

The post It’s all ‘Bout That Access, ‘Bout That Access, ‘Bout That Access – 2015 Insider Threat Report Takeaways appeared first on Data Security Blog | Vormetric.

Read the original blog entry...

More Stories By Vormetric Blog

Vormetric (@Vormetric) is the industry leader in data security solutions that span physical, big data and cloud environments. Data is the new currency and Vormetric helps over 1400 customers, including 17 of the Fortune 30 and many of the world’s most security conscious government organizations, to meet compliance requirements and protect what matters — their sensitive data — from both internal and external threats. The company’s scalable Vormetric Data Security Platform protects any file, any database and any application’s data —anywhere it resides — with a high performance, market-leading data security platform that incorporates application transparent encryption, privileged user access controls, automation and security intelligence.