Most US businesses vulnerable to insider threats

What factors does the enterprise need to consider when creating cybersecurity risk policies?


The majority of US corporations are vulnerable to insider threats, new research suggests.

According to enterprise data security provider Vormetric, 93 percent of US corporations are vulnerable to threats -- from the inside. The security landscape has changed rapidly in the last few years, with high-profile data breaches attacking companies indiscriminately. From vast treasure troves of data leaked online over a Sony film to millions of credit card records pilfered from US retailer Target, the threat of cyberattack in the corporate realm is only getting worse -- or more obvious.

However, it is not just external threats that today's enterprise players have to cope with. According to research conducted on Vormetric's behalf by Harris Poll and Ovum in fall 2014, insiders -- whether accidentally or maliciously -- are also playing a huge part in weakening corporate security.

The annual threat report, conducted among 818 IT decision makers in various countries -- including 408 in the United States -- suggests that the traditional layers of protection offered by endpoint systems and network perimeter security are no longer effective on their own, as businesses now traffic in vast amounts of data and use new technologies.

According to the survey, out of respondents polled in the US, 93 percent admitted their organizations were "somewhat" or "more" vulnerable to insider threats, and 59 percent believed privileged users pose the most threat to their organisation. In addition, 44 percent of respondents said their organization had experienced a data breach or failed a compliance audit in the last year, and 34 percent said their organizations are protecting sensitive data because of a breach at a partner -- or competitor.

When it comes down to whether cloud environments or databases pose the greatest risk to sensitive data, the jury was out -- as roughly half of each group blamed both storage systems.

Alan Kessler, CEO for Vormetric commented:

"Organisations wishing to protect themselves must do more than take a data-centric approach; they must take a data-first approach. Although we are heartened that 92 percent of organisations plan to maintain or increase their security spending in the coming year, our larger concern is about how they plan to spend that money.

The results indicate there is still disagreement about where corporate data which is most at risk actually resides. Our experience, observations and conversations with customers have taught us that even if the situation isn't entirely black and white, organisations' use of encryption, access controls and data access monitoring greatly reduce their risk and exposure."

The reality is that data breaches are going to continue to occur, and corporations need to measure risk factors, the current threat landscape and the bottom line to make informed decisions for the levels of investment needed in cybersecurity. Data breaches can not only tank a share price, but can damage reputation, systems, future business and reduce consumer trust.

If insiders are being viewed as a major risk in this area, then it is up to corporations to change their policies to compensate.

Interested? Read: Over 90 percent of data breaches in first half of 2014 were preventable

Read on: In the world of security

Show Comments