When Security Breaches Come From Within
93% of U.S. respondents say they feel vulnerable to insider attacks. Only 7% feel safe. 59% believe privileged users pose the greatest threat to their organizations.
Preventing a data breach is the highest or second-highest priority for IT security spending, according to 54% of respondents.
46% of American respondents believe the cloud environment is the greatest risk for loss of sensitive data in their organization, yet 47% said databases have the greatest amount of sensitive data at risk.
44% of American respondents said their organization experienced a data breach or failed a compliance audit last year. 34% said their organizations are protecting sensitive data because of a breach at a partner or competitor.
55% of global respondents believe privileged users are the greatest threat. Contractors and service providers followed at 46%, business partners at 43%.
The top three places by volume where data is at risk: databases (47%), file servers (39%), cloud (37%).
“Corporate servers and databases pose the highest risk, yet spending remains stubbornly focused on endpoint and mobile,” according to the report. “Only 20% of sensitive company data is held on mobile devices.”
In the wake of the Snowden case, respondents named the insider positions posing the greatest threat: privileged users (55%), contractors and service providers (46%), business partners (43%), ordinary employees (35%), executive management (28%), other IT staff (25%).
Although security spending increased 10% in 2014 and double-digit growth is expected this year, the report said spending is unfocused.
Only one-half of all businesses have deployed privileged access or identity management technology (PAM or PIM), although there is progress because privileged user access is at the top of senior management’s agenda.
Address BYOD and mobile data protection concerns through improved data monitoring and increased data protection through encryption.
Rather than spreading funds across a wide range of security protection solutions, the report recommends risk-based strategies for the protection of sensitive data, monitoring and reporting on usage, and controlling user access, including encryption-based data protection and protecting data in transit between corporate systems.