A new report on mitigation efforts within the enterprise reveals the majority of organizations are failing to take the necessary steps to counter potential losses due to insider threats.
Chief among the concerns is the lack of access controls for privileged users, leaving sensitive data like intellectual property and other valuable proprietary information vulnerable to exfiltration from within the organization.
“While the security community has focused its attention on advanced malware over the past few years,
insider threats (i.e., threats posed by employees, third parties, or malicious software that uses legitimate access rights to networks, applications, and sensitive data as an attack vector) continue to present a number of challenges for many organizations,” the report states.
Key findings include:
- The majority of organizations (54%) believe that insider threats are becoming more difficult to detect/prevent and that they remain vulnerable to insider attacks. Why? IT scale (i.e., number of users, devices, network packets, etc.), cloud computing, and advanced malware threats provide the necessary cover for insiders to hide their attacks among typical IT activities.
- Organizations continue to invest in perimeter and host-based security technologies like firewalls, IDS/IPS, and antivirus software, but these security defenses are no match for knowledgeable insiders and sophisticated cyber adversaries who have the right access, skills, and tactics to easily circumvent security controls, steal valuable data, and cause massive damage.
- Data reveals that security conscious organizations are increasing their investments in technologies for granular data access,encryption, key management, and data security intelligence. This is a leading indicator of the future market direction. Given increasing deperimeterization, data-centric security will move to the mainstream built upon five key cornerstones: identity, policy, infrastructure based policy enforcement, data specific policy enforcement, and situational awareness.
Categories: Top Security Stories