Businesses Struggle to Counter Insider Threats
Application users are most likely to cause a security breach because of negligence, as monitoring is mainly done by ad hoc or manual systems.While companies and their employees are becoming increasingly dependent upon applications to achieve business goals and increase productivity, the proliferation of applications is creating a serious security threat, according to a survey of 610 U.S. IT and IT security practitioners, sponsored by ObserveIT and conducted by the Ponemon Institute. Audits and formal assessments reveal deficiencies in monitoring application access and usage, according to 71 percent of respondents. Only eight percent of respondents say their organizations have deployed commercial auditing and monitoring solutions for application access and usage. The report indicated application users are most likely to cause a security breach because of negligence. Monitoring is mainly done by ad hoc or manual systems (36 percent of respondents) or homegrown tools that focus on privileged users (20 percent). "The old assumption of focusing just on administrators needs to go out the window," Paul Brady, CEO of ObserveIT, told eWEEK. "Effectively managing insider threats requires businesses to first limit access to the areas that employees need to use to complete their jobs. Providing broad access to business critical applications, regardless of job responsibility, will lead to misuse. Most importantly, relying on system logs to try and understand actual data usage doesn’t work--only 10 percent of insider threats were able to be identified by forensic investigators using systems logs, leaving a gaping security hole."
In addition, current monitoring capabilities are unable to detect unusual behavior and get very low marks from 45 percent of respondents.