Insider threats are no longer only made up of traditional insiders with legitimate access rights who abuse their positions to steal data for personal gain. Privileged users who maintain systems and networks are now an additional concern, as their roles typically require access to all data accessible from systems to perform their work.
In the study from industry analyst Ovum, nearly half of UK-based respondents (42%) acknowledged it is these privileged users (system administrators, database administrators, network administrators, and so on) who pose the biggest risk to their organizations.
A third insider threat concern comes from the outside-in, with cybercriminals actively seeking to compromise insider accounts (focusing most heavily on privileged users) to infiltrate systems and steal data using their credentials. This was likely the case, for instance, in the Target breach, which is one of the largest in retail sector history.
“Almost half of European organizations [47%] believe that insider threats are now more difficult to detect, with senior IT managers being very worried about the things their own users can do with corporate data,” said Andrew Kellett, principal analyst at Ovum, in a statement. “This risk is compounded by the threat by cyber-attacks that are targeting user accounts – something that is not going completely unrecognized, as 30% of organizations cite advanced persistent threats as a primary driver for ramping-up data breach defenses.”
For most, controlling access to data poses a broad threat for organizations. Cloud implementations are raising security issues, with the lack of visibility into security measures around cloud-hosted data representing a concern for 62% of businesses. Big Data also poses a risk, with over half (53%) of organizations being concerned over the security of Big Data reports that may contain sensitive data.
For some, non-technical employees with legitimate access to sensitive data and IT assets are the biggest risk (49%), while for others even executive management such as the CFO or CEO are the top risk (29%).
There is some good news: organizations are taking steps to address insider threats, with 66% planning to increase IT security budgets as a direct response.
“Clearly, compliance requirements, privacy regulations and ongoing data breaches are having a strong effect on organizations,” said Stewart Room, a partner in Field Fisher Waterhouse's technology and outsourcing group. “With 66% planning to expand IT security spending to offset insider threats, and the challenges they are seeing with protecting data within cloud, mobile and big data environments, enterprises are seeing that their security posture needs to be updated, and are taking steps to do so.”
Organizations are looking to encryption as a data protection strategy: 38% cited it as the single most important security measure. Most organizations are still relying on endpoint and perimeter security though, which does not protect the data itself.
“Despite the growing frequency of insider threat related incidents in the news, the report shows that organizations are still at the early stages of managing this data loss vector,” said Alan Kessler, CEO for Vormetric, which sponsored the study. “Results show a growing awareness of insider threats, but the rapid growth of sensitive information within organisations, and the use of new technologies such as cloud and big data, makes the prospect of securing data with a growing number of point solutions expensive, operationally complex and an impediment for rolling out new services.”