Survey: Insider Threats Are Top Of Mind


Businesses of all sizes are increasingly deploying technology designed to detect and block angry employees from stealing sales contacts, confidential agreements and other documents before they leave the company and are guarding themselves against careless workers who bypass restrictions, potentially exposing sensitive data.

Data loss prevention (DLP), database security technologies, data discovery tools and network storage encryption were cited as the technologies slated for expansion or upgrades, according to a Forrester Research survey of nearly 700 North American and European enterprise and small- and midsize-business IT security decision-makers. Thirty-six percent of companies are looking to either adopt a new implementation or add investment to a current implementation for database vulnerability technologies, Forrester found. The underlying technologies include database activity monitoring and tools for auditing and vulnerability assessments.

DLP technologies have gotten more sophisticated, but many deployments aren't taking full advantage of their potential, said Heidi Shey, an analyst at Forrester Research.

Organizations must undertake a proper data discovery and classification project to understand which data sets are most valuable and where they reside, she said. Most security experts recommend rolling out DLP in stages to avoid disrupting end users. Data discovery projects can be tricky, according to Shey, because they often involve a mixture of IT professionals and business managers.

"DLP has got to be part of a complete data protection strategy," Shey said. "It's no simple deployment."

Solution providers say they receive requests from clients struggling to find ways to gain more insight into the data flow on their network. Gaining visibility into who the data owners are and the systems they access can provide valuable information for a variety of security projects, said Arthur Hedge, CEO of Morristown, N.J.-based managed security service provider Castle Ventures. The company has created a niche in monitoring security appliances, specializing in analyzing log data in HP ArcSight security information event management systems, according to Hedge.

A rising number of clients are requesting DLP and other logging products that track all system activity on file servers and report on signs of potential problems, Hedge said. The leaked National Security Agency documents, stolen by former government contractor Edward Snowden, has motivated some firms to get protections in place, he said.

"I think that most businesspeople ignore data breach reports they hear on the news, but the Edward Snowden news really started hitting home," Hedge said. "The CFO and other executives want to know what the company is doing to protect against another Snowden incident."

Over a 12-month period, businesses on average indicated they had 55 employee-related incidents of fraud, according to a study conducted by the Ponemon Institute, which specializes in information and privacy management practices. The study of more than 740 IT security pros found that insider threats were top of mind. Sixty-one percent of those surveyed said the threat of insider risk within their organizations was very high or high.

Some of the incidents cited by survey participants could have been detected by increased monitoring, DLP and other data protection technologies, according to the survey, which was commissioned by managed file transfer and fraud management software maker Attachmate. Incidents included the use of a co-worker's credentials to gain elevated rights, altering application controls to access or change sensitive information, and accessing private customer data with above-average frequency. Technology is required to enforce policy restrictions once employees receive security awareness training and are aware of appropriate data handling, said Larry Ponemon, chairman and founder of the Ponemon Institute.

"The findings suggest that the majority of organizations are not assigning the appropriate priority to the risk of insider fraud," Ponemon said. "Employee education and policies need to be supported by EFM [enterprise file management] solutions, DLP and other monitoring technologies."

Businesses are inundated with attacks from external threat actors, but technology must help prevent attacks and address the human fallibility factor, said Jerry Irvine, CIO of Schaumburg, Ill.-based Prescient Solutions, an IT outsourcing firm.

"You can't protect yourself against 100 percent of everything," Irvine said. "Many types of suspicious activities that take place go unchecked, but a manual review of event logs after a security incident often finds similar problematic occurrences happening again and again."

PUBLISHED DEC. 23, 2013