Insider Threat Remains Big Problem: Report

Friday, April 17, 2015 @ 04:04 PM gHale


The insider threat, whether accidental or malicious, continues to plague organizations and the problem is the companies have big holes when it comes to protecting themselves, new research said.

Nearly one third (32 percent) of respondents said they have no ability to prevent an insider attack, while 52 percent of respondents cannot size the potential damage, and 44 percent do not know what they are spending to address the threat, according to the report by SpectorSoft, which surveyed 772 IT security professionals.

RELATED STORIES
Threat Prevention Systems Not Enough
Social Engineering: Employees a Huge Risk
Affect of Attacks on Partners
BYOD, Cloud Security Risk Growing

Although almost three-fourths of respondents (74 percent) remain concerned primarily with employees, whether malicious or merely negligent, 44 percent of respondents said they don’t know how much they currently spend on solutions that mitigate insider threats. Similarly, 45 percent don’t know how much they plan to spend on insider threat technology in the next 12 months.

“I think the key first step businesses with smaller IT budgets can take to improve their insider defenses is to not use limited resources as an excuse” said Mike Tierney, chief operating officer of SpectorSoft. “Improved internal communication between HR and IT costs nothing, but goes a long way toward making sure that IT is able to react to elevated insider risk stemming from circumstances that only HR is aware of – like financial hardships, performance plans, and other personnel issues that can lead to disgruntlement.”

Having stronger administrative controls can also limit employee access to critical data.

As awareness of data loss increases, more organizations are starting to understand the importance of incident response plans, with 69 percent of respondents indicating they currently have one in place.

However, of those companies, more than half said their plan doesn’t incorporate special provisions for insider threats. That means 66 percent of respondents either do not have an insider response plan or have no incident response plan at all.

Causes behind these security gaps are numerous, with respondents citing lack of training, lack of budget and lack of internal staff as the three most significant reasons for lack of insider threat defenses.

In addition to budget and staffing woes, 28 percent of all respondents said insider threat detection and prevention is not even a priority in their organizations.



Leave a Reply

You must be logged in to post a comment.