A new survey of cyber security professionals from information management company Nuix shows that businesses are placing greater emphasis on insider threats. The report reveals that 71 percent of respondents report that they have an insider threat program or policy, and 14 percent say that they allocate 40 percent or more of their budget to insider threats.
“The findings in this report are of no surprise — they represent the same issues and concerns that we’re advising our customers on every day,” says Keith Lowry, Nuix’s Senior Vice President of Business Threat Intelligence and Analysis. “First, there’s greater awareness of insider threats thanks to the public profiles of Chelsea Manning and Edward Snowden. It’s also easier to steal information; for example, you can copy key files onto a thumb drive in seconds. And finally, sadly enough, theft of internal records has become culturally more acceptable”.
People were reported to be ‘almost universally’ the biggest weakness in information security, ahead of technology and processes. Of the respondents that reported to have an insider threat or policy, 70 percent offer employee training to minimize risk. “The company employs intelligence teams that study different aspects of communications, user activity, social media, suspicious activity and other details,” said one respondent.
Worryingly, 31 percent of respondents say that they don’t know what people who have access to crucial data actually do with it. The cloud is an area of concern too, with 86 percent of respondents agreeing that it creates unique concerns including loss of visibility into the management of data and lack of regulatory compliance.