Insider Threats Get More Difficult To DetectUser diversity and growth in network activity including cloud services are among reasons it's getting harder to guard against insider data breaches, says Fortune 1000 survey.
Iris Scans: Security Technology In Action(click image for larger view)
While Edward Snowden's name will forever be linked to his leak of classified National Security Agency data, it might come to stand for something else: The moment in time when insider threats became as important a security issue to government and other enterprises as advanced persistent threats.
A new survey of more than 700 Fortune 1000 IT pros indicates that the job of protecting against insider threats from employees, contractors or partners -- or those posing as authorized users -- is growing more difficult.
The survey findings, released this week by Enterprise Strategy Group, state that more than half (54%) of enterprise IT pros are finding insider threats more difficult to detect or prevent than they were in 2011. One reason is the increasing sophistication of malicious software that lets users gain legitimate internal access privileges to networks, applications and sensitive data.
[ The head of the National Security Agency defends the agency's actions. Read NSA Chief: Don't Dump Essential Security Tools. ]
"The barriers to network breaches are really melting away," said Alan Kessler, CEO of security vendor Vormetric, which sponsored the research. The firewalls that once kept potential intruders at bay "are essentially gone, because the adversaries are working from inside," he said in an interview with InformationWeek.
But there are other factors. Among survey respondents, 17% of whom work for government agencies or in education:
-- 37% point to the fact that there are more people -- employees, contractors and business partners -- with access to the network, making it more difficult to isolate suspicious behavior.
-- 36% say that the growing use of cloud computing at their organizations makes insider threat detection/prevention more difficult, as it increases the attack surface for insiders.
-- 35% say the growing volume of network activity also makes detection and prevention of insider attacks more difficult, as it makes it harder to baseline normal behavior and pinpoint anomalies.
1 of 2