Dealing With Insider IT Security Threats Requires New Approaches

by Chris Preimesberger

Servers and databases continue to hold the bulk of each organization’s structured and unstructured data assets and are responsible for the vast majority of high-profile data breaches. Controlling mobile devices is a concern because of their ever-growing use within operational environments, but the main issues when related to inside threat activity is how these devices are used as the source of access to data held in corporate servers and data centers.

When asked how safe they felt their organizations were to the threat of insider attacks, a mere 9 percent of European IT managers and security professionals who responded to the 2014 Vormetric Insider Threat Report said that their organizations were safe from attack; 26 percent said they felt vulnerable. Although a significant proportion of IT security budgets are spent on data protection, access control and user monitoring technology, companies still don’t feel totally safe.

A substantial 47 percent of U.S. respondents to the Ovum/Vormetric survey said they felt vulnerable to insider attacks. The European country feeling most vulnerable to these threats was Germany at 33 percent, with France and the U.K. both returning figures of 23 percent and 22 percent, respectively.

Insider threats are the most difficult to detect. Senior IT and business managers worry that these activities often do not show up on their security radar and are likely to go undetected. They also have significant concerns about everyday users, third-party business partners, contractors and service providers with their shared-access rights.

When European organizations were asked who posed the biggest internal threat to corporate data, almost half said everyday users; the next largest group was third-party service providers, followed by IT administrators and other IT staff. The top issues raised were about how best to keep tabs on and control users with legitimate access to sensitive company data and IT assets.

While in general being positioned as feeling less vulnerable than their U.S. counterparts, Europeans had greater anxiety about the theft of privileged-user credentials, compromised credentials and abuse of access rights. U.S. organizations agreed that privileged-user access abuse was important but were also worried about other employees and physical theft.

European organizations are planning to make increases in their information security budgets over the next 12 months because of insider threats. Two-thirds plan to increase their security budgets, and of the overall respondents, 23 percent were looking to achieve significant budget increases as a direct consequence of insider threats. In mid-March 2014, the European Union voted overwhelmingly to add further new data protection laws, adding further compliance pressure.

Traditional data protection, including the use of signature-based anti-malware products, continues to be thought of as the most effective means of addressing insider threats. This represents a misalignment between the data protection and user access vulnerabilities that exist within organizations and the security solutions. Organizations generally provide a broad-brush protection strategy against everyday malware attacks but do not have the capability to deal with targeted and advanced attacks that bypass traditional defenses.

Enterprises moving to the cloud are testing new IT security with better service-level commitments and liability terms for data breaches caused by service providers or other customers of the cloud providers, encryption of the organization’s SaaS/cloud data with local control maintained over encryption keys, and detailed physical and IT architectural implementation information being made available.

Existing security products and strategies are hindering, rather than helping, organizations. They remain vulnerable and need to do more to deal with insider threats that range from misuse of resources to targeted and malicious advanced persistent threats. They are often hindered by the fragmented security solutions that have been deployed to protect valuable data assets. What is required and often missing, due to legacy and cost-of-replacement issues, is an integrated platform approach to user and data protection.