2014 Vormetric Insider Threat Report Shows Third Party Contractors and Compromised ’Privileged User’ Credentials Worry Financial Services Firms
April 2014 by Vormetric
Vormetric announced further analysis of its ‘Insider Threat’ report, conducted in 2014 with industry analyst firm Ovum. Focusing on just those responses from IT decision-makers at financial services organisations in France, Germany, and the United Kingdom (a total of 92 responses), the research reveals how firms in the financial sector are evaluating their exposure to insider threats, and the steps they are taking in order to mitigate the risks.
The nature of insider threats today has shifted to include malicious privileged insiders as well as the compromise of privileged user accounts by advanced malware. The research shows that controlling legitimate network access by third party contractors is a primary concern within the sector, as 55 percent of IT decision-makers at financial organisations rate this type of user as posing the biggest risk. Other types of users that were isolated as posing the biggest threat to financial organisations include ‘privileged users’ - such as IT and network administrators - at 43 percent, and non-technical employees with legitimate access to sensitive data and IT assets, also at 43 percent.
Other key findings from the report for financial services organisations:
76 percent of financial services organisations plan to increase spending specifically to address insider threats
The top driver for this spending increase is compliance (45 percent), with protecting reputation and the implementation of best practices the next greatest areas of concern
Just over half (52 percent) are finding insider threats harder to detect than last year
Cloud computing technology was a big concern, with 45 percent of European financial organisations finding insider threats harder to detect because of increasing use of cloud resources
The objective of the report is to establish the impact that insider threats are having on organisations. Insider threats involve the abuse or compromise of legitimate access to company data. This threat is forcing organisations to introduce privileged user data access policies to reduce the risk of hackers and APTs successfully using compromised administrator credentials to steal data. It also significantly limits the potential for abuse and data theft by privileged users such as root users and contract administrators.
"Typically, financial services firms’ very business is built on generating and processing the kind of data that cybercriminals dream of," said Alan Kessler, CEO at Vormetric. You may remember the case of the Korean Credit Bureau in January this year, when financial data belonging to a staggering 20 million South Koreans - 40 percent of the country’s entire population - was stolen as a result of insider theft. In this instance a third party contractor tasked with improving security systems is thought to have smuggled the data out using USB sticks, later selling the information to phone marketing companies. Organisations are struggling to know exactly who has access to what data at any one time - if you don’t know this you can’t make any assurances of its security."
The adoption of Cloud computing was also a top concern of European financial organisations, with 45 percent feeling it to be the leading cause of additional insider threat risk. These organisations have long used Cloud resources to enhance their raw compute power for analysing financial markets and investments, but continue to grow cloud usage in other areas as well.
"Enterprises grow their use of cloud computing to take advantage of the business flexibility and financial advantages it brings," said Daniele Catteddu, Managing Director EMEA for Cloud Security Alliance. "The research shows that they feel that there are additional security risks from this growth, and details how cloud providers can enhance their offerings to better meet enterprise security needs for offsetting insider threats."
The report also details top concerns with big data initiatives, a technology area where financial services firms are leading adopters. 69 percent of European financial services organisations cited the security of reports from big data projects that may include sensitive data as their leading big data concern.
"Organisations are moving ahead with big data implementations - both to drive business advantage and to enhance security," said Matt Asay, VP of Marketing and Business Development at MongoDB - a company whose technology supports big data implementations and a partner of Vormetric. "Results of the insider threat report show that organisations are clearly looking for solutions that can detect, defend and control access to digital assets from malicious and unauthorised individuals. MongoDB is enabling organisations to build modern applications for fraud detection, cyberthreat analysis, anti-terrorism and compliance."
To find out more about the risks posed by insider threats and for additional findings from the research with Ovum, visit the Vormetric website: http://bit.ly/1nYr41d
The 2014 Vormetric Insider Threat Report focuses on Europe’s three largest technology and business markets - France, Germany, and the United Kingdom (UK). Across these three markets 540 senior IT professionals and business managers, over 80 percent from mid-to-large enterprise organisations, were interviewed on the impact that insider threats have on their organisations and on how prepared they are to deal with insider activity.
This report was conducted by Ovum Research on behalf of Vormetric and with cooperation from Cloud Security Alliance (CSA), MongoDB, OASIS, Total Device, Security Innovation Network and Field Fisher Waterhouse.