Advanced persistent threats are a major challenge that keeps security professionals up at night, but insider threats are becoming increasingly difficult to thwart, according to a new study.
“The Ominous State of Insider Threats,” a report commissioned by San Jose, Calif.-based security firm Vormetric and conducted by Enterprise Strategy Group, surveyed 700 IT professionals with in-depth knowledge of insider attacks. Results indicated that insider attack vectors are a top-of-mind challenge that has produced increased restlessness over the last two years.
Over half of respondents (54 percent) in the survey indicated that “detecting” and “preventing” insider attacks have become more difficult since 2011.
Despite security resources at organizations, 46 percent of those surveyed believe they are still vulnerable to the inside threat. This is due to increases in network activity from a multitude of employees who have access to the network, and the growing use of cloud computing.
“There are a lot more vectors,” Jon Oltsik, senior principal analyst at Enterprise Strategy Group, told SCMagazine.com on Thursday. “Security people have more to do, and they're expected to reduce risk and detect events, but using the same toolsets and the same basic number of people. You're asking people to do more and more complex tasks and that just doesn't scale.”
A majority of respondents indicated that they are doing something about the threat. Of those surveyed, 53 percent have increased security budgets to address the potential threat. This may be tied to all of the recent headline-grabbing news involving the National Security Agency (NSA).
According to the study, 45 percent of organizations have changed their perception regarding the threat after former Booz Hamilton contractor Edward Snowden came clean as the source of leaked classified documents that revealed the NSA's mass secret surveillance program.
“I think the Edward Snowden issue has gotten people scared that they have employees that have legitimate and credentialed access to certain data,” Oltsik said. “They may be abusing that data and they probably don't have safeguards against that abuse that they have for privileged users.”
Threats can come from a number of inside sources. However, 51 percent of respondents feared that “non-technical employees” with access to sensitive data posed the greatest risk, while 48 percent believed it was third-party contractors, and 34 percent identified IT administrators. These findings surprised Oltsik the most.
“In the past, when we looked at insider threats, people identified IT administrators as privileged users,” he said. “In this one, we talked about employees with access to sensitive data.”