Eighty percent of CISOs believe their company’s own employees and contractors are the greatest threat to company data, according to a new study conducted by security vendor NetWitness and audit-and-information-security training company MIS Training Institute.
Conducted from June 10 to 12 at the sixth annual CISO Summit in Lisbon, Portugal, the survey of more than 60 information security professionals from across the world also found that just 18 percent viewed external sources as the biggest threat to company data.
When asked how concerned about data breaches they were, 97 percent of respondents said they were either “very concerned” or “concerned,” while just three percent said they don’t worry about their network “because it’s secure,” the survey found.
Meanwhile, based on respondents’ answers, the survey showed that 59 percent of sensitive data resides on Windows or Unix-based servers, 23 percent on mainframes, eight percent on end-user computers and another eight percent with third parties. Eddie Schwartz, CSO of NetWitness, told SCMagazineUS.com on Monday that he thinks those stats are concerning because they illustrate that many companies store their most sensitive data in places not necessarily in direct control of data center.
In a roundtable meeting where security pros gathered to discuss the survey findings, some talked about their inability to deploy the proper technologies to counter the threats of today, Schwartz said. Most agreed that due to competing demand from compliance and budget constraints, it was difficult to obtain the needed technology to face attacks at the application layer.
One attendee said organizations should get better visibility to monitor computers on their network and look for signs of communication with outside entities — and then stop that communication. Schwartz said that tactic is not necessarily easy, but it’s a reasonably good defensive measure.
Protecting data from both internal and external threats, as well as meeting compliance demands and dealing with cost restrictions, are major concerns of customers, Doug Howard, chief strategy officer at security vendor Perimeter eSecurity, told SCMagazineUS.com on Tuesday.
“It’s not an internal versus external problem, it’s about protecting your core data and putting a layered approach,” Howard said.