Most European firms ill equipped for insider security breaches

Nearly a third of European firms do not use basic methods of breach detection, and fewer than one in five have any form of security analytics in place, a survey has revealed

Most organisations in Europe rely on outdated security technologies, exposing them to breaches by malicious or hapless insiders, a report has revealed.

Although insiders continue to be one of the top causes of data breaches, the insider threat is still poorly understood by European organisations, according to the report by IDC.

The survey of 400 companies with more than 1,000 employees in the UK, France, Germany, Sweden and the Netherlands revealed that 80% rely on traditional approaches to security.

In a traditional approach, security systems are deployed that focus mainly on system protection. They are unable to detect and respond to user activities, which can result in systems being compromised.

Nearly a third of respondents do not use basic methods of breach detection, and fewer than one in five have any form of security analytics in place.

Duncan Brown, research director at IDC’s European security practice, said: “Security breaches are inevitable, but that is tough for security professionals to accept given the considerable budgets that are spent on prevention.

“The majority of organisations have experienced a data breach over the past two years, but the average time to discover a breach remains around eight months. It is clear that organisations need to detect breaches as they happen, and not wait for the damage to be done.”

According to Brown, organisations should take an analytics-driven approach to detect threats early and respond effectively.

“This will help companies to deal with threats of all kinds – external attackers, hapless users and malicious insiders,” he said.


The survey shows that only 12% of respondents regard insider threats as being of high concern. More are concerned about viruses (67%), advanced persistent threats (APTs) (42%), phishing (28%) and poor user security practices (27%).

However, the IDC report notes that most of these attacks can be caused by hapless users unintentionally allowing their valid credentials or trusted access to be hijacked.

Poor understanding of the hapless user, the report said, means that organisations are looking in the wrong places to detect attacks and avoid breaches.

Organisations struggle to detect insider-based breaches, the report found. Respondents listed the top three obstacles to investigating threats from within the organisation as not knowing what to look for (40%), a lack of education and training (39%), and not understanding what normal looks like across different departments (36%).

According to the report, most organisations do not have the technologies, approaches or mindset to detect breaches once they occur.

The survey found that the majority of organisations across Europe are still using technology that is primarily designed to protect a traditional network-based perimeter.

Security analytics

While nearly all respondents recognise the need to use firewalls (98%) and anti-virus (96%), very few see the need to back them up with security analytics (15%) or user behaviour analytics and anomaly detection (12%) to detect breaches after they have happened.

Fewer than half of respondents have either a dedicated incident response team (41%) or a security operations centre (34%) in place.

“In the age of the ‘inevitable breach’, businesses across Europe need to adopt a detect and respond mentality,” said Haiyan Song, senior vice president of security markets at operational intelligence firm Splunk, which sponsored the IDC report.

“Threat patterns vary, so security teams need to take an analytics-driven approach with their security information and event management initiatives, using machine learning and anomaly detection to identify suspicious behaviour and malicious activity early. 

“Using these solutions will help organisations further automate detection, conduct timely investigation and take the necessary steps to handle a breach, limiting the reputational and financial damage it can cause.”
