Nearly 90% of IT professionals believe the ‘insider threat’ is a cultural, not a tech, issue.
Only 1 in 10 UK companies are aware they can use a technology solution to actively manage & reduce the threat from within.
The vast majority (86%) of IT professionals consider insider threats to be a purely cultural issue, and are not aware that technology can help them address internal security issues, a research report from security software provider IS Decisions has revealed. Despite IT professionals estimating an average of 19% of employees in their organisations are sharing passwords, they are failing to look to technology to help address the problem.
The report, entitled ‘The Insider Threat Security Manifesto: Beating the threat from within’, suggests that many IT professionals are complacent about the issue of internal security. Among those IT professionals using Microsoft Active Directory, 55% believe that the directory service has no security loopholes, while 86% believe their user access policy is effective. This is despite the fact that Active Directory provides only basic security measures, allowing concurrent user logins and offering very limited functionality for monitoring and controlling network access.
Also highlighted in the report is the importance of compliance in relation to insider threats, with many industry regulations such as Sarbanes-Oxley and PCI DSS having specific requirements with regard to the safeguarding of data from employees. However, awareness of these regulations was revealed to be low among IT professionals: 50% of IT professionals are not aware whether their organisations are PCI compliant, for instance.
François Amigorena, CEO of IS Decisions, commented, “It is shocking to see how limited awareness is among IT professionals of technology’s power to help with internal security. The kind of granular user management required, restricting access on a user, device, and department level basis and preventing concurrent logins, is not possible using Active Directory alone, but specialist technology like IS Decisions’ product UserLock can help here.”
“That said, any approach to tackling insider threats must address the cultural issue too; systems must be defended with security policies and staff must understand those. The problem of relying on a policy alone is that it relies on humans, and unfortunately humans make mistakes and forget things! Again, technology can help here by use of automated warnings via the security software to the user.”
Download The Insider Threat Manifesto: Beating the threat from within for more information.
Contents
- Where insider threats sit on the IT security agenda
- The Edward Snowden effect: is awareness of insider threats growing?
- Password Sharing and where the threat lies
- Active Directory and Insider Threats
- Network management and compliance
- Ten steps to beating insider threats
- Conclusion