Insider Threats Are Hard to Stop

Just because companies are more aware of insider threats than ever doesn't mean they've figured out how to top the associated risks to their networks and sensitive data. A new report, "Privileged User Abuse & The Insider Threat," produced by the Ponemon Institute on behalf of defense and aerospace systems maker Raytheon, suggests that employees with access to privileged data (such as health care records, intellectual property or customer information) are frequently putting that data at risk despite measures taken to offset that risk. "This survey should serve as a wakeup call to every executive with responsibility for protecting company or customer sensitive data," says Raytheon Vice President Jack Harrington. "While the problem is understood, the solutions are not." In assembling the report, Ponemon Institute surveyed 693 "privileged users," including network engineers, database administrators, information security practitioners and cloud custodians. The findings indicate that not only are many organizations not doing enough to protect against insider threats, but the steps they are taking are proving ineffective. "If privileged users want to do bad things," Harrington adds, "their elevated access to the company network makes it easier for them."