It seems that information security professionals are beginning to focus more on insider threats according to a new report by Ari Kaplan Advisors sponsored by Nuix. The survey shows that budgets have shifted toward internal security, rather than at the perimeter. Unfortunately more professionals know how much they spend on perimeter security than on remediating incidents, which may not be a good trend, but attitudes are shifting.
Almost three-quarters (71%) of respondents reported they have an insider threat program or policy, and 14% said they allocate 40% or more of their budget to insider threats. This is a positive trend as more organizations realize that the insider threat can be more damaging than external hackers, since trusted insiders have access to sensitive information as part of their daily jobs.
These are some highlights from the survey:
- 71% of respondents reported having an insider threat program or policy
- Although almost all respondents (93%) reported being able to identify their critical value data, only 69% said they knew what people did with the critical value data after they accessed it
- 82% of respondents said their organizations had a bring-your-own-device (BYOD) policy, compared to 69% of respondents who had one in 2014
- 93% of respondents claimed human behavior was the biggest threat to their organizations’ security, up from 88% in 2014
People were reported to be “almost universally” the biggest weakness in information security, ahead of technology and processes. Someone may be prompted to steal valuable data because they were passed over for a promotion or wanted to “get back” at some perceived slight. Of the respondents that reported to have an insider threat program or policy, 70% offer employee training to minimize risk. This is valuable, but a highly credentialed user with a grudge will still do something that may harm the company.
Because of high profile data breaches involving trusted insiders, more business and security leaders are focusing on insider threats and how best to mitigate the risk. The nature of business today makes it easy to steal critical data. If I have access to intellectual property or customer records, it’s easy to copy those files to a thumb drive and walk out the door. In many cases this is a legitimate action, since I may need to work on the files at home or share them with a colleague or business partner.
The best way to address insider threats is by protecting critical data as a user creates it. When a user creates a document, a security policy should automatically encrypt it and assign dynamic permission controls that control what the user can do with the information inside the document when it is opened. This permission control should travel with the document, so if a trusted insider shares it with an unauthorized user, the document becomes useless. The unauthorized user cannot read the content of the document.
Moving the focus from the perimeter to insiders is important to eliminate data breaches and mitigate the risk they can cause. Targeting critical value data for this type of protection ensures that a company can maintain its intellectual property and its competitive edge in the market.
Photo credit Mathew G