The top security worry keeping businesses awake at night? Insider threats

Summary: Trust no-one.

Today's modern business has to worry about stiff competition, rising energy prices, innovation, and how to poach talent to keep a corporation thriving — as well as the persistent threat of cybercrime. However, new research suggests that within European organizations, one worry tops the rest: the possibility of insider threats.

Research conducted by enterprise data security firm Vormetric in conjunction with industry analyst firm Ovum — surveying over 500 IT decision makers in mid-range and large businesses across the UK, France, and Germany — discovered that only nine percent of businesses feel safe from insider threats.

Nearly half of UK-based businesses said that "privileged users," such as system and data administrators, as well as network specialists, pose the biggest risk to system protection against cyberattacks.

Insider threats are no longer classified simply as disgruntled employees who use privileged access to abuse their positions and steal data for personal use. Instead, those who maintain systems are an additional concern, since their roles generally require access to root systems in order to protect them. If a cybercriminal manages to compromise one of these accounts, they gain widespread access into corporate networks and are able to wreak havoc.

The key findings of the survey are:

  • Only nine percent of all organizations surveyed, and six percent of UK businesses, feel safe from insider threat
  • 47 percent of companies say that it is harder to detect insider threats than it was in the previous year
  • Top management and executives are considered the top risk, with 29 percent of respondents saying accounts belonging to the CEO or CFO are most at risk.
  • 62 percent of respondents believe that there is a general lack of transparency concerning cloud and the technology's security measures.

The report states that organizations are beginning to realize that encryption plays a part in not only protecting corporate and customer data, but preventing insider threats. In total, 38 percent of respondents said that encryption is the most important security measure that blocks insider threats. In direct response to this threat, 66 percent said they planned to increase future IT security budgets.

Vormetric CEO Alan Kessler commented:

"Despite the growing frequency of insider threat related incidents in the news, the report shows that organisations are still at the early stages of managing this data loss vector.

To practically defend themselves, organisations must take a data centric approach, implementing encryption and access controls to limit exposure, and monitoring data access to identify inappropriate user activity using a platform approach that scales with growing data security mandates and requirements without diverting an inordinate amount of IT resources."

Credit: Ovum


  • Hardwiring security helps, but isn't a panacea

    You also need to incentivize people to behave well. It starts with paying them a fair, just, compensation for their services. Short-changing an employee to save a buck doesn't buy you any loyalty from them. Some will walk with pens and pads of paper, or small parts if they can get away with it. I.T. types could steal data; but are more likely to perform passive sabotage by failing to verify backups, not documenting changes, or downgrading priorities. They justify those actions in their own minds because they feel that the company isn't providing them with what they deserve. And most companies are too cowardly to ask an employee what level of compensation would they require to be above reproach.
    • Money

      Doesn't buy loyalty, especially not when the alternative to loyalty is making MORE money.

      Very well paid people skim off the top to make just a little bit more all the time, and I don't think paying them more will solve their greed issue.
      luke mayson
  • Maybe if Employees Weren't Viewed as Resources?

    Perhaps if employers invested in hiring quality employees instead of hiring the lowest bidder (i.e. H1B1); perhaps if employers invested in employees on a long-term basis instead of layoffs at the slightest downturn in profits; perhaps if employers viewed employees as people instead of resources; perhaps then the loyalty would be reciprocated.

    Start by changing the name of the Human Resources Department back to the Personnel Department.
  • It was also the reason roles were originally created....

    to confine the "admins" to only their portion of the system they are authorized to administer. The one I worked at had roles for data management (other admins could not access the disks, and they could not access other areas), networks (could not access disks or other admin areas), operations (could not access anything for configuration, but did have admin control over batch job start/stop/abort... support).

    And all events were logged to the security log (another admin area, but they could not access the other areas either).

    To break the system required collusion from multiple people - which is much less likely.

    Operating systems this way is much more expensive (you need 3 times the staff to keep from giving the same person multiple roles...)
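
The role separation described in the last comment can be checked mechanically; the sketch below is an added example, not code from the article or the commenter. It logs every access decision, flags users holding more than one admin role, and computes how many people must collude to reach both the data and the log that records access to it. Role names, area names and user assignments are constructed assumptions.

```python
from itertools import combinations

# Constructed role model based on the areas named in the comment above.
# Role and area names are illustrative assumptions.
ROLE_AREAS = {
    "data_admin": {"disks"},
    "network_admin": {"network"},
    "operations": {"batch_jobs"},
    "security_admin": {"security_log"},
}

def areas_of(user, assignments):
    """Union of the areas reachable through every role the user holds."""
    return set().union(*(ROLE_AREAS[r] for r in assignments.get(user, ())))

def authorize(user, area, assignments, audit_log):
    """Allow or deny, and record every decision in the security log."""
    allowed = area in areas_of(user, assignments)
    audit_log.append((user, area, "ALLOW" if allowed else "DENY"))
    return allowed

def sod_violations(assignments):
    """Users holding more than one admin role (the staffing shortcut)."""
    return sorted(u for u, roles in assignments.items() if len(roles) > 1)

def min_collusion(targets, assignments):
    """Smallest number of users whose combined access covers all targets."""
    users = sorted(assignments)
    for size in range(1, len(users) + 1):
        for group in combinations(users, size):
            reach = set().union(*(areas_of(u, assignments) for u in group))
            if targets <= reach:
                return size
    return None  # no group of users can reach every target area

# Constructed sample: strict separation vs. one person given two roles.
STRICT = {"alice": ["data_admin"], "bob": ["network_admin"],
          "carol": ["operations"], "dave": ["security_admin"]}
MERGED = {"alice": ["data_admin", "security_admin"],
          "bob": ["network_admin"], "carol": ["operations"]}

# Areas that must both be reached to change data and alter its audit trail.
SENSITIVE_COMBO = {"disks", "security_log"}

if __name__ == "__main__":
    for name, plan in (("strict", STRICT), ("merged", MERGED)):
        print(name, "violations:", sod_violations(plan),
              "colluders needed:", min_collusion(SENSITIVE_COMBO, plan))
```

Running the same check against real role assignments after each staffing change shows when a merged role has reduced the collusion requirement to a single account.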