In the past few years, rapid growth in the volume of sensitive information combined with new technologies has chipped away at the effectiveness of traditional endpoint protections and network perimeter security.
In tandem come warranted concerns about the number and types of employees who have access to sensitive data. Simply by having access, privileged insiders may unwittingly put data at risk – or be used by an outside actor as a conduit for siphoning data.
In 2014, the US saw some of the worst data breaches in recent memory with household names Sony, Home Depot, J.P. Morgan Chase and Supervalu experiencing massive financial and reputational blows due to cyber-attacks. According to the Identity Theft Resource Center, over 700 data breaches occurred in 2014 alone, up from 614 in 2013. With these breaches have also come associated legal ramifications and public soul-searching by senior management and board level executives about where to place the blame.
A new insider threat report by Vormetric, carried out in the fall of 2014 among 818 IT decision makers in various countries, found the following:
“As the past year demonstrates, these threats are real and need to be addressed,” said Alan Kessler, CEO for Vormetric. “Organizations wishing to protect themselves must do more than take a data-centric approach; they must take a data-first approach. Although we are heartened that 92% of organizations plan to maintain or increase their security spending in the coming year, our larger concern is about how they plan to spend that money. The results indicate there is still disagreement about where corporate data, which is most at risk, actually resides. Our experience, observations and conversations with customers have taught us that even if the situation isn’t entirely black and white, organizations' use of encryption, access controls and data access monitoring greatly reduce their risk and exposure.”
US attacks have received the lion’s share of attention due to their size and high profiles, but worries about data security are not limited to America. According to the report:
The current global reality is that more and more data is being stored in various repositories all over the world and more and more players – such as third party service providers and contractors – are being thrown into the mix. Although respondents generally believe compliance standards to be effective, these standards run the gamut from weak to very stringent. Companies can and should go above and beyond compliance and take common sense measures to protect themselves, including: