Businesses Lack Investment to Prevent Insider Threats
As awareness of data loss increases, more organizations are starting to understand the importance of incident response plans.Most organizations have gaping security holes when it comes to protecting themselves against insider threats, according to a SpectorSoft survey of 772 IT security professionals. Nearly a third (32 percent) of respondents said they have no ability to prevent an insider attack, while 52 percent of respondents cannot size the potential damage, and 44 percent do not know what they are spending to address the threat. Although almost three-fourths of respondents (74 percent) are concerned primarily with employees, whether malicious or merely negligent, 44 percent of respondents said they don’t know how much they currently spend on solutions that mitigate insider threats. Similarly, 45 percent don’t know how much they plan to spend on insider threat technology in the next 12 months. "I think the key first step businesses with smaller IT budgets can take to improve their insider defenses is to not use limited resources as an excuse. There are no-cost and low-cost, both in terms of dollars and effort, steps that all businesses can take," Mike Tierney, chief operating officer of SpectorSoft, told eWEEK. "Improved internal communication between HR and IT costs nothing, but goes a long ways toward making sure that IT is able to react to elevated insider risk stemming from circumstances that only HR is aware of – like financial hardships, performance plans, and other personnel issues that can lead to disgruntlement."
Tierney said having access controls in place to limit employee access to critical data is essential. Native tools can help accomplish the task without significant investments, he noted.