Privileged insiders pose biggest threat to data, warns Vormetric

The privileged insider is the bane of IT decision makers, according to Vormetric which today issued the European findings of its 2015 Insider Threat survey.

Among German and British respondents, 54 percent believe that privileged users – which include system administrators, database administrators and network administrators – are the single biggest risk to their organisation. This compares to 38 percent who held that view in last year's survey.

Only 13 percent of respondents said  that their organisations were not vulnerable to insider threats.

The insider threat does not just include deliberate data theft but also the inadvertent loss of critical information, so those with greatest access to data are automatically seen as a higher risk. In addition, privileged users are more likely to be targeted with spearphishing attacks.

Other key findings of the report included:

  • Although 51 percent of UK respondents and 44 percent of German respondents are increasing spending to offset threats to data, this lags behind 62 percent in the US
  • 40 percent of UK respondents reported that their organisations have encountered a data breach or failed a compliance audit in the last 12 months
  • Compliance was identified by respondents as still the top reason for securing sensitive data in Europe (56 percent), but reputation and brand protection are close behind (54 percent)
  • Top European IT security spending priorities identified by respondents were protection of Intellectual Property (52 percent) and preventing a data breach incident (48 percent)

“With 40 percent of UK firms either being breached or failing a compliance audit in the last year, we are clearly a long way from anything approaching adequate data security,” said Alan Kessler, CEO of Vormetric.  “Part of the problem is an over-emphasis on compliance. With insider-related attacks changing by the hour, you can think of today's compliance mandates as requiring organisations to use the weapons of yesterday to fight today's battles. Given this reality, encryption and access controls are increasingly the weapons of choice today to protect organisation's critical data.”

Also view SC's Webinar: 'The Insider Threat Report - Europe. Areas of concern for 2015 and beyond' which goes live 2.0pm 18th June, discussing the findings, with Q&A to follow.