Today's modern business has to worry about stiff competition, rising energy prices, innovation, and how to poach talent to keep a corporation thriving — as well as the persistent threat of cybercrime. However, new research suggests that within European organizations, one worry tops the rest: the possibility of insider threats.
Research conducted by enterprise data security firm Vormetric in conjunction with industry analyst firm Ovum — surveying over 500 IT decision makers in mid-range and large businesses across the UK, France, and Germany — discovered that only nine percent of businesses feel safe from insider threats.
Nearly half of UK-based businesses said that "privileged users," such as system and data administrators, as well as network specialists, pose the biggest risk to system protection against cyberattacks.
Insider threats are no longer classified simply as disgruntled employees who use privileged access to abuse their positions and steal data for personal use. Instead, those who maintain systems are an additional concern, since their roles generally require access to root systems in order to protect them. If a cybercriminal manages to compromise one of these accounts, then they are given widespread access in to corporate networks and are able to wreak havoc.
The key findings of the survey are:
- Only nine percent of all organizations surveyed, and six percent of UK businesses, feel safe from insider threat
- 47 percent of companies say that it is harder to detect insider threats than it was in previous year
- Top management and executives are considered the top risk, with 29 percent of respondents saying accounts belonging to the CEO or CFO are most at risk.
- 62 percent of respondents believe that there is a general lack of transparency concerning cloud and the technology's security measures.
The report states that organizations are beginning to realize that encryption plays a part in not only protecting corporate and customer data, but preventing insider threats. In total, 38 percent of respondents said that encryption is the most important security measure that blocks insider threats. In direct response to this threat, 66 percent said they planned to increase future IT security budgets.
Vormetric CEO Alan Kessler commented:
"Despite the growing frequency of insider threat related incidents in the news, the report shows that organisations are still at the early stages of managing this data loss vector.
To practically defend themselves, organisations must take a data centric approach, implementing encryption and access controls to limit exposure, and monitoring data access to identify inappropriate user activity using a platform approach that scales with growing data security mandates and requirements without diverting an inordinate amount of IT resources."