Businesses Struggle to Counter Insider Threats

Application users are most likely to cause a security breach because of negligence, as monitoring is mainly done by ad hoc or manual systems.

observeit and security

While companies and their employees are becoming increasingly dependent upon applications to achieve business goals and increase productivity, the proliferation of applications is creating a serious security threat, according to a survey of 610 U.S. IT and IT security practitioners, sponsored by ObserveIT and conducted by the Ponemon Institute.

Audits and formal assessments reveal deficiencies in monitoring application access and usage, according to 71 percent of respondents. Only eight percent of respondents say their organizations have deployed commercial auditing and monitoring solutions for application access and usage.

The report indicated application users are most likely to cause a security breach because of negligence. Monitoring is mainly done by ad hoc or manual systems (36 percent of respondents) or homegrown tools that focus on privileged users (20 percent).

"The old assumption of focusing just on administrators needs to go out the window," Paul Brady, CEO of ObserveIT, told eWEEK. "Effectively managing insider threats requires businesses to first limit access to the areas that employees need to use to complete their jobs. Providing broad access to business critical applications, regardless of job responsibility, will lead to misuse. Most importantly, relying on system logs to try and understand actual data usage doesn’t work--only 10 percent of insider threats were able to be identified by forensic investigators using systems logs, leaving a gaping security hole."

In addition, current monitoring capabilities are unable to detect unusual behavior and get very low marks from 45 percent of respondents.

"When you compare the sheer number of business users to IT administrators in most large organizations, it is a whopping 20 to 1. With this massive amount of business users, the volume of activity and necessary access to critical and sensitive applications and data combine to form a huge security risk to the organization," Brady said. "In addition, companies have ignored what less privileged business users do with their access to applications and data. Businesses have traditionally placed most of their security focus on protecting their systems, databases, network devices and other IT infrastructure rather than the applications holding their most sensitive asset--their data."

With respect to the monitoring of application usage, 49 percent of respondents said they do not agree or are unsure (29 percent) that the front end is as secure as back end data storage infrastructures.

Similarly, the majority of respondents (54 percent) say it is difficult to separate application user abuse from external attacker activity.

"We have customers across all industry verticals that resoundingly agree that access to customer data and other sensitive information is necessary for business, but they struggle with how to understand how that access is being used," Brady said. "They have relied for so long on system data as the main security data source that trying to understand user behavior and usage of data is emerging as a critical security challenge."