SafeUM
Home Blog Services Download Help About Recharge
EN
RU

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
EN
Lang
EN
RU
Archive
TOP Security!
27 Jan 2015

Why insider threat is thriving

In the past few years, rapid growth in the volume of sensitive information combined with new technologies has chipped away at the effectiveness of traditional endpoint protections and network perimeter security.

In tandem come warranted concerns about the number and types of employees who have access to sensitive data. Simply by having access, privileged insiders may unwittingly put data at risk – or be used by an outside actor as a conduit for siphoning data.

In 2014, the US saw some of the worst data breaches in recent memory with household names Sony, Home Depot, J.P. Morgan Chase and Supervalu experiencing massive financial and reputational blows due to cyber-attacks. According to the Identity Theft Resource Center, over 700 data breaches occurred in 2014 alone, up from 614 in 2013. With these breaches have also come associated legal ramifications and public soul-searching by senior management and board level executives about where to place the blame.

A new insider threat report by Vormetric, carried out in the fall of 2014 among 818 IT decision makers in various countries, found the following:

  •     93% of US respondents said their organizations were somewhat or more vulnerable to insider threats
  •     59% of US respondents believe privileged users pose the biggest threat to their organization
  •     Preventing a data breach is the highest or second highest priority for IT security spending for 54% of respondents’ organizations
  •     46% of US respondents believe cloud environments are at the greatest risk for loss of sensitive data in their organization, yet 47% believe databases have the greatest amount of sensitive data at risk
  •     44% of US respondents say their organization had experienced a data breach or failed a compliance audit in the last year
  •     34% of US respondents say their organizations are protecting sensitive data because of a breach at a partner or a competitor.
     

“As the past year demonstrates, these threats are real and need to be addressed,” said Alan Kessler, CEO for Vormetric. “Organizations wishing to protect themselves must do more than take a data-centric approach; they must take a data-first approach. Although we are heartened that 92% of organizations plan to maintain or increase their security spending in the coming year, our larger concern is about how they plan to spend that money. The results indicate there is still disagreement about where corporate data, which is most at risk, actually resides. Our experience, observations and conversations with customers have taught us that even if the situation isn’t entirely black and white, organizations' use of encryption, access controls and data access monitoring greatly reduce their risk and exposure.”

US attacks have received the lion’s share of attention due to their size and high profiles, but worries about data security are not limited to America. According to the report:

  •     Despite a rash of data breaches among organizations that were considered compliant, 59% of global respondents found compliance standards to be “very” to “extremely” effective
  •     55% of global respondents believe privileged users are the biggest threat. In the US, that number is slightly higher, with 59% citing privileged users. And while 46% of US respondents believe partners with internal access pose the second-highest threat, global results point the finger at contractors and service providers
  •     54% of global respondents will increase security spending to offset the threat in the coming year.
     

The current global reality is that more and more data is being stored in various repositories all over the world and more and more players – such as third party service providers and contractors – are being thrown into the mix. Although respondents generally believe compliance standards to be effective, these standards run the gamut from weak to very stringent. Companies can and should go above and beyond compliance and take common sense measures to protect themselves, including:

  •     Implementing encryption and access controls
  •     Taking careful stock of which employees should have access to data
  •     Diligently monitoring data access activities to get ahead of infiltrations before they snowball.
Tags:
USA information leaks
Source:
Help Net Security
1669
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015