To guard against insider threats, organizations should focus their attention on securing data rather than endpoints, research revealed in recent report indicated.
“93 percent [of U.S. respondents] believe they are somewhat or more vulnerable to insider threats,” Sol Cates, CSO at Vormetric, which published the “2015 Vormetric Insider Threat Report,” told SCMagazine.com in an interview. “I want to know what the other seven percent are doing that make them feel they’ve solved their [security] problems.”
That’s a good question, considering 44 percent of U.S. respondents admit their organizations had either a data breach or failed a compliance audit within the last year.
Globally, 89 percent of those surveyed say they are at risk from insider threats with 34 percent believing they are extremely vulnerable. That feeling of vulnerability is enough to make 93 percent say they’d either increase or maintain their current spending on security solutions and data protection.
As Edward Snowden and high-profile breaches like the Sony hack demonstrate, whether through malicious or inadvertent actions, insiders do pose some of the biggest threats for organizations — with privileged users representing the greatest threat at 55 percent (59 percent in the U.S.) followed by contractors and service providers at 46 percent, according to the report. Forty-three percent of survey respondents said that business partners were the greatest insider threat.
Cates noted that most organizations “unfortunately discover after the fact” that an insider has caused or orchestrated a breach. He added that companies misstep when they “spend more time chasing the rats than protecting the cheese,” or data.
The report identified three main data-rich areas where information could be in jeopardy. Much of the risk lies in databases — 49 percent of respondents said they contain the highest volumes of sensitive data with file servers coming in at 39 percent and the cloud.
Cates expects to see a move spending away from spending on securing endpoints and focused more on securing data. “We see people starting to shift toward data-centric spending,” he said.