Large enterprises are not doing enough to detect and address insider threats, a survey of more than 700 IT security decision-makers has revealed.
Less than a third of respondents said they block privileged user access to data to mitigate insider attacks, according to the 2013 insider threat study by security firm Vormetric and the Enterprise Strategy Group.
This means 73% of organisations polled are failing to block privileged user access to sensitive data, which is a proven method of reducing the insider threat to data security.
However, two-thirds use perimeter-focused network intrusion detection and prevention tools for this purpose, even though those tools are designed to protect against external threats, not internal ones.
More than half said they use network traffic monitoring to identify and prevent data breaches.
“While IT decision-makers are concerned about insider threats and data breaches, they tend to rely on perimeter and network security tools, rather than securing the data at its source,” said Jon Oltsik, senior principal analyst at Enterprise Strategy Group.
“This research highlights that large organisations need to switch to data-centric security strategy to prevent and detect insider threats,” he said.
The study showed that more forward-looking and sophisticated organisations are using technology approaches that are proven protections against malicious insiders and malware attacks that compromise insider credentials.
But these were in the minority, with only 40% monitoring privileged user activities, 48% reviewing sensitive data access only monthly, and 76% unable to detect unauthorised data access in real time.
However, the study shows attitudes are changing, with 45% saying that Edward Snowden’s revelations about US internet surveillance have caused them to be more aware of insider threats.
Some 53% said they are increasing their security budgets to offset the problem in the next year, with 78% either using or planning to use data encryption and 70% using or planning to use data access controls.
“It is clear that organisations of all kinds are concerned with securing access to sensitive data,” said Alan Kessler, CEO of Vormetric.
“While many of the respondents are using more of the right security technologies and tools to help reduce their attack surface, a much larger group is falling short in taking the additional step to protect from insider threats and thwart attacks that steal insider credentials,” he said.