The data says it’s the data

In our last post we discussed four key takeaways from a recent research effort into the scope and nature of the insider threat. In this post, we’ll continue to explore the data …

… and the data says it’s the data you are most concerned about.

63% of survey respondents are most concerned with data leaks stemming from insider attacks. 29% are most concerned with IP Theft, 23% with espionage. Fraud was the only type of insider threat that ranked highly (36%) that was not directly about data getting into the hands of those who should not have it.

What data in particular? Customer data, intellectual property, sensitive financial, and company data (employee information, sales and marketing data, and healthcare related data) were the top types of data most vulnerable to an insider attack.

It’s also unsurprising that privileged users (such as managers with access to sensitive information) were the top choice for the user group that poses the biggest security risk. Often the privileged user term is used to refer to IT Admins and the like, but in this case 41% viewed that group as posing the biggest risk. (Note: there may be some built in bias here, as a lot of the respondents would fall into this group). “Regular” employees came in at 46%, about on a par with contractors and consultants.

Yet with all this concern about data being leaked, breached, or stolen by insiders, only 21% of organizations continuously monitor the behavior of the users on their network. And a significant plurality (48%) rely on server logs to provide visibility into user behavior. Server logs have a place, but when it comes to focused detection of insider attacks, they are simply not sufficient.

In the next and final post in this series, we’ll continue to break down the survey data and take a look at how organizations can begin to sharpen their focus on this problem.