Insider Attacks Are a Growing Threat

By Samuel Greengard

Despite a persistent stream of news reports focusing on hacking, spying and cyber-crime, the biggest threat resides within the enterprise, according to a recent report, “The Ominous State of Insider Threats” from Enterprise Strategy Group and data security provider Vormetric.

Overall, 54 percent of enterprise executives at large and midsize organizations believe it is more difficult to detect and prevent insider attacks today than it was in 2011. Moreover, 46 percent report that—despite a growing array of security tools, processes and resources—they are more vulnerable than ever to an insider attack.

“We are seeing a lot of data breaches that revolve around abuse of privileged user rights and other internal threats,” says Sol Cates, chief security officer at Vormetric. “The current environment creates an elevated IT and business risk.”

In fact, 63 percent of the survey respondents said they were vulnerable to abuse of privileged user rights by employees. In addition, 35 percent said they have concerns about cloud security, 36 percent expressed concern about network expansion and 27 percent are anxious about advanced persistent threats (APTs) that compromise insider credentials.

As organizations accumulate more data and store it across disparate systems and in the cloud, the risks grow exponentially. Factor in a greater number of business partners and contractors accessing systems and critical data, and it’s clear that enterprise security teams are scrambling to keep up.

Only 3 percent of respondents believe they are “not at all vulnerable” to insider theft and attacks. An additional 24 percent said they are “not very vulnerable.” What’s more, 45 percent said they have changed their perspective based on Eric Snowden’s access to secret NSA data.

Although abuse of privileged user access ranked as the top concern, a number of other worries exist. They include abuse of access rights by other employees in the organization (61 percent); theft of physical devices containing data (58 percent); abuse of access rights by contractors (58 percent); application vulnerabilities (57 percent); compromised credentials as a result of a cyber-attack (51 percent); backdoors left in applications by in-house programmers or developers (49 percent); theft of privileged user accounts that are later used for an insider attack (48 percent); and the use of backdoors left in applications by contracted programmers or developers (41 percent). In addition, 39 percent view SQL injection as a threat.

The report points out that a number of high-profile breaches have occurred—partly because insider threats are increasingly difficult to detect and prevent. For example, more than 3.3 million bank accounts and 3.8 million tax returns were stolen in an attack directed at the South Carolina Department of Revenue in 2012. And The New York Times found itself in the crosshairs of a serious APT attack in early 2013. In both cases, cyber-crooks harvested insider credentials that allowed them to instigate and perpetuate the attacks.

Jon Oltsik, ESG senior principal analyst and report author, recommends that organizations use granular access controls and embrace the concept of “least privilege,” which means giving IT administrators and others access to only the data necessary to do their work. In addition, organizations should use encryption and deploy continuous monitoring.

“The threat environment is changing,” warns Vormetric’s Cates. “A lot of the security tools designed to protect the perimeter were never designed to protect data. Organizations must re-evaluate their security posture to focus on the data.”