Survey: CISOs worried about insiders, data breaches

Share this article:
Eighty percent of CISOs believe their company's own employees and contractors are the greatest threat to company data, according to a new study conducted by security vendor NetWitness and audit-and-information-security training company MIS Training Institute.

Conducted from June 10 to 12 at the sixth annual CISO Summit in Lisbon, Portugal, the survey of more than 60 information security professionals from across the world also found that just 18 percent viewed external sources as the biggest threat to company data.

When asked how concerned about data breaches they were, 97 percent of respondents said they were either “very concerned” or “concerned,” while just three percent said they don't worry about their network "because it's secure," the survey found.

Meanwhile, based on respondents' answers, the survey showed that 59 percent of sensitive data resides on Windows or Unix-based servers, 23 percent on mainframes, eight percent on end-user computers and another eight percent with third parties. Eddie Schwartz, CSO of NetWitness, told SCMagazineUS.com on Monday that he thinks those stats are concerning because they illustrate that many companies store their most sensitive data in places not necessarily in direct control of data center.

In a roundtable meeting where security pros gathered to discuss the survey findings, some talked about their inability to deploy the proper technologies to counter the threats of today, Schwartz said. Most agreed that due to competing demand from compliance and budget constraints, it was difficult to obtain the needed technology to face attacks at the application layer.

One attendee said organizations should get better visibility to monitor computers on their network and look for signs of communication with outside entities -- and then stop that communication. Schwartz said that tactic is not necessarily easy, but it's a reasonably good defensive measure.

Protecting data from both internal and external threats, as well as meeting compliance demands and dealing with cost restrictions, are major concerns of customers, Doug Howard, chief strategy officer at security vendor Perimeter eSecurity, told SCMagazineUS.com on Tuesday.

“It's not an internal versus external problem, it's about protecting your core data and putting a layered approach,” Howard said.
Share this article:

Sign up to our newsletters

More in News

Hackers target video game companies to lift copy protections and develop cheats

A threat group is targeting video game companies in order to lift DRM protections, develop cheats and possibly to steal source code.

Android malware spreads via mail tracking SMS spam

The mobile malware is currently targeting German users, McAfee revealed.

About 2,800 victims of worldwide info-stealing campaign targeting various sectors

About 2,800 victims of worldwide info-stealing campaign targeting ...

Unknown attackers have claimed about 2,800 victims in an ongoing information-stealing campaign identified by Kaspersky Lab as "Crouching Yeti."