Most organisations in Europe rely on outdated security technologies, exposing them to breaches by malicious or hapless insiders, a report has revealed.
The survey of 400 companies with more than 1,000 employees in the UK, France, Germany, Sweden and the Netherlands revealed that 80% rely on traditional approaches to security.
In a traditional approach, organisations deploy security systems that focus mainly on system protection. These systems are unable to detect and respond to user activities, which can result in systems being compromised.
Nearly a third of respondents do not use basic methods of breach detection, and fewer than one in five have any form of security analytics in place.
Duncan Brown, research director at IDC’s European security practice, said: “Security breaches are inevitable, but that is tough for security professionals to accept given the considerable budgets that are spent on prevention.
“The majority of organisations have experienced a data breach over the past two years, but the average time to discover a breach remains around eight months. It is clear that organisations need to detect breaches as they happen, and not wait for the damage to be done.”
According to Brown, organisations should take an analytics-driven approach to detect threats early and respond effectively.
“This will help companies to deal with threats of all kinds – external attackers, hapless users and malicious insiders,” he said.
The survey shows that only 12% of respondents regard insider threats as being of high concern. More are concerned about viruses (67%), advanced persistent threats (APTs) (42%), phishing (28%) and poor user security practices (27%).
However, the IDC report notes that most of these attacks can be caused by hapless users unintentionally allowing their valid credentials or trusted access to be hijacked.
Poor understanding of the hapless user, the report said, means that organisations are looking in the wrong places to detect attacks and avoid breaches.
Organisations struggle to detect insider-based breaches, the report found. Respondents listed the top three obstacles to investigating threats from within the organisation as not knowing what to look for (40%), a lack of education and training (39%), and not understanding what normal looks like across different departments (36%).
According to the report, most organisations do not have the technologies, approaches or mindset to detect breaches once they occur.
The survey found that the majority of organisations across Europe are still using technology that is primarily designed to protect a traditional network-based perimeter.
While nearly all respondents recognise the need to use firewalls (98%) and anti-virus (96%), very few see the need to back them up with security analytics (15%) or user behaviour analytics and anomaly detection (12%) to detect breaches after they have happened.
“In the age of the ‘inevitable breach’, businesses across Europe need to adopt a detect and respond mentality,” said Haiyan Song, senior vice president of security markets at operational intelligence firm Splunk, which sponsored the IDC report.
“Threat patterns vary, so security teams need to take an analytics-driven approach with their security information and event management initiatives, using machine learning and anomaly detection to identify suspicious behaviour and malicious activity early.
“Using these solutions will help organisations further automate detection, conduct timely investigation and take the necessary steps to handle a breach, limiting the reputational and financial damage it can cause.”