Insider Threats Are Hard to Stop

By Tony Kontzer | Posted 2014-06-23

1 of

Persistent Risk

88% of respondents expect the risk of privileged user abuse to increase or stay the same over the next 12 to 24 months.
Slow Response

69% of respondents said their organization lacks the ability to identify insider threats quickly enough.
Blind Spot

42% are not confident that their company has sufficient visibility to determine if users are compliant with policies.
Throwing Darts

49% of respondents describe the process of assigning privileged user access as "ad hoc," only a 2% drop since 2011.
Deficient Detective Work

57% believe that most organizations, when issuing privileged credentials, are coming up short on background checks.
Outside Influence

Incidents such as the Wikileaks and Snowden scandals have taken a toll: 58% of respondents said their concerns have grown as a result.
Barriers to Responding to Insider Threats

Company culture: 31%, Dispersed workforce: 27%, Cost: 16%, Lack of expertise: 15%, Outdated IT infrastructure: 10%
Most Vulnerable Data Types

Business information: 56% of respondents, Customer information: 49%, Employee information: 35%, Intellectual property: 33%
Tech Comes Up Short

69% of respondents said their security tools don't provide the context to determine the intent of insider threats.
False Positives

59% of respondents said the tools the organization uses yield too many false positives.
Target: User Access Rights

47% of respondents believe malicious insiders will use social engineering or other measures to obtain a user's access rights, up from 21% in 2011.
Driven by Curiosity

65% of respondents said malicious insiders access sensitive or confidential data out of curiosity, not job necessity.
View All Slideshows >

Just because companies are more aware of insider threats than ever doesn't mean they've figured out how to top the associated risks to their networks and sensitive data. A new report, "Privileged User Abuse & The Insider Threat," produced by the Ponemon Institute on behalf of defense and aerospace systems maker Raytheon, suggests that employees with access to privileged data (such as health care records, intellectual property or customer information) are frequently putting that data at risk despite measures taken to offset that risk. "This survey should serve as a wakeup call to every executive with responsibility for protecting company or customer sensitive data," says Raytheon Vice President Jack Harrington. "While the problem is understood, the solutions are not." In assembling the report, Ponemon Institute surveyed 693 "privileged users," including network engineers, database administrators, information security practitioners and cloud custodians. The findings indicate that not only are many organizations not doing enough to protect against insider threats, but the steps they are taking are proving ineffective. "If privileged users want to do bad things," Harrington adds, "their elevated access to the company network makes it easier for them."

Tony has been writing about the intersection of technology and business for more than 20 years and currently freelances from the Grass Valley, Calif., home where he and his wife are raising their two boys. A 1988 graduate of the University of Missouri-Columbia School of Journalism and regular contributor to Baseline since 2007, Tony's somewhat infrequent Twitter posts can be found at http://twitter.com/tkontzer.

Insider Threats Are Hard to Stop

Persistent Risk

Slow Response

Blind Spot

Throwing Darts

Deficient Detective Work

Outside Influence

Barriers to Responding to Insider Threats

Most Vulnerable Data Types

Tech Comes Up Short

False Positives

Target: User Access Rights

Driven by Curiosity