Don’t think you are vulnerable to an insider threat? You might want to have a conversation with your IT department, then. According to Vormetric's 2015 Insider Threat Report, 93 percent of IT personnel think their company is at risk from an insider threat. Also, 59 percent of respondents worry about privileged users or employees who have high-level access to very sensitive data, who are considered to be the company’s greatest threat.
Thanks in part to the recent Sony hack, insider threats and the dangers they pose are getting a lot more attention than they have in the past. But as Eric Guerrino, executive vice president of the Financial Service Information Sharing and Analysis Center, was quoted in eSecurity Planet, insider threats have been a problem for a long time and a top focus area for security concerns. It’s just that now those beyond IT and security staff are beginning to grasp the severity of the issue.
The issue has also been the topic of a number of surveys recently. SolarWinds also conducted a study on insider threats, but their focus was more narrow. According to a release, the survey covered the opinions of 200 IT and security professionals within the federal government, including military and intelligence agencies. These are organizations with some of the highest levels of security clearances and IT security measures. Yet, the study discovered that 53 percent of federal IT pros identified careless and untrained insiders as the greatest source of IT security threats at their agencies, an increase of nearly 10 percent from last year. Plus, 64 percent believe that insider threats pose more danger than an outside threat.
It is clear that IT personnel are worried about insider threats, and despite more awareness of the damage that security incidents can cause and the steps that can be taken to decrease risks, the number of professionals who worry about that insider threat is on the rise.
The eSecurity Planet article includes a list of recommendations from the Vormetric survey on what companies can do to protect against the insider threat. I noticed that one recommendation is to focus more on the data:
Data protection initiatives need to follow the data -- protecting data at rest wherever it resides. For most organizations, this will involve protecting data held in both traditional environments (on-premise databases and servers) as well as newer big data applications and data used in public, private and hybrid cloud implementations.
This is something I’m hearing more frequently, that security needs to focus more on the data rather than on the perimeter. In the case of insider threats, that has to be the case. They are already inside the perimeter of the network, after all. The question is how to best take that approach and shift gears in the way we think about security overall. It’s a question that I plan to look into more in depth.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba