Insider Threat Real; Protection Weak

Friday, May 23, 2014 @ 01:05 PM gHale

Insider threats are real and more abundant than outside attacks and organizations have heightened their awareness, but struggle with how to mitigate the risk of the “human factor” and protect information assets, a new report said.

Privileged users have always posed a threat to companies, whether they expose information inadvertently or with malicious intent. In the aftermath of Edward Snowden’s revelations and Wikileaks, “awareness is high — 88 percent recognize insider threats are cause for alarm,” believing that the risk of privileged user abuse will grow or remain the same in the next two years, said Michael Crouse, director of insider threat strategies at Raytheon, the company that commissioned the study from the Ponemon Institute entitled “Privileged User Abuse & The Insider Threat.”

Aware of Info Loss, Data Still Not Secured
Major Update to ICS Security Guide
NIST Guidelines: Start with Security
Pressure Ratchets Up for Security Pros

But, Crouse said, 69 percent don’t have tools that provide contextual information or the ones they do have generate too many false positives.

The findings come from a survey of 693 respondents qualified as privileged by their level of access to the IT networks, enterprise systems, applications and information assets in their organizations. Of those respondents, 75 percent said they required privileged status to do their jobs, the other 25 percent said they didn’t, but had it anyway for two main reasons — 38 percent said coworkers at their level had access for no particular reason and their organizations didn’t revoke access when their roles changed within the company.

That reflects a common problem revealed in the survey. Organizations simply don’t have policies for assigning privileged user access, according to 49 percent of the respondents. Although, there has been an uptick — from 31 percent in 2011, the first year Ponemon published this report, to 35 percent in 2014 — in the number of organizations that have well-defined policies in place, centrally controlled by corporate IT.

That’s a situation that organizations must remedy soon, considering that 55 percent of the respondents said curiosity, not job necessity, drove them to access information and 73 percent believe they have the authority, feel empowered, to access data.

“What they do with information is where the rubber meets the road,” Crouse said. “Companies need to bolster guidelines for what people are doing with it.”

Click here to register to download the report.

Leave a Reply

You must be logged in to post a comment.