Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats //

Insider Threats

3/19/2015
11:00 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Over a third of US IT professionals plan to launch an insider threat program this year

Continual high-profile internal security breaches prompt a surge in preventative measures against insider threat

London, United Kingdom, 19 March 2015 — 2015 is set to see a huge rise in the number of IT professionals taking action to address insider threat in their organizations, according to new research from IS Decisions. Currently 56% of IT professionals in the US have an insider threat program already in place, and 78% of those remaining, or 34% of the total, are planning to put one in place this year. A further 6% are planning an insider threat program within five years.

The findings are part of research revealed in IS Decisions’s new report User security in 2015 – the future of addressing insider threat. Based on a survey of 250 IT professionals in the US and 250 in the UK, the study found that combatting insider threat is high on the agenda following a string of high-profile internal security breaches. An average of 37% across the two countries are planning an insider threat program this year.

The research also found that IT professionals are spending more on security in general, with the proportion of IT budgets spent on security increasing by a third in the last year (based on research conducted by IS Decisions in November 2013). In addition, 73% stated that they expect their expenditure to increase further. However, a disproportionately tiny 3.6% of overall IT budget spend currently goes toward internal security issues.

IT professionals in 2015 are planning a combination of tactics to tackle insider threat, with the majority including ‘technology, tools and data’ (66%), and ‘organisation-wide security training and awareness’ (57%) in their plans.

However, IT professionals are also craving guidance on mitigating insider threat, with 91% believing that industry-wide collaboration is needed and 78% wanting clearer guidelines on tackling the issue.

François Amigorena, CEO of IS Decisions, said: “2014 has been dubbed by many as the ‘year of the breach’. We kept seeing big-name businesses hitting the news as a result of major internal security breaches week after week.

“That has carried over into 2015 to some extent with examples like the US health insurer Anthem. However, it looks like IT professionals are very much taking heed of what they’re seeing, meaning 2015 could be set to be the ‘year of tackling insider threat’.

“It’s also encouraging to see that IT professionals are not just thinking up hypothetical plans, they are putting their money where their mouths are in allocating budget. But there is a need there for more collaborative help and guidance, which is interesting given insider threat is an organisational issue. Clearly IT professionals are now open to working together to understand how best to address it.”

Download User security in 2015: the future of addressing insider threat.

Ends

About IS Decisions

IS Decisions makes it easy to safeguard and secure your Microsoft Windows and Active Directory infrastructure. With solutions for user access control, file auditing, server and desktop reporting, and remote installations, IS Decisions combines the powerful security today’s business world mandates with the innovative simplicity the modern user expects. Over 3,000 customers around the world rely on IS Decisions to prevent security breaches; ensure compliance with major regulations, such as SOX, FISMA and HIPAA; quickly respond to IT emergencies; and save time and money for the IT department.

IS Decisions is a Microsoft Silver Partner based in Biarritz, France. Customers include American Express, BAE Systems, BMW, Computer Sciences Corporation, FBI, Frito-Lay, GlaxoSmithKline, IBM, Lockheed Martin, Mitsubishi, Oxford University, South Wales Police, TimeWarner, United Nations Organization, US Department of Justice, US Department of Veterans Affairs and US Navy Marine Corps.

Media contacts

Ian McKee / Katie Ward / Sanjay Dove

Wildfire

[email protected]

+ 44 208 408 8000

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
When It Comes To Security Tools, More Isn't More
Lamont Orange, Chief Information Security Officer at Netskope,  1/11/2021
US Capitol Attack a Wake-up Call for the Integration of Physical & IT Security
Seth Rosenblatt, Contributing Writer,  1/11/2021
IoT Vendor Ubiquiti Suffers Data Breach
Dark Reading Staff 1/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
The State of Ransomware
The State of Ransomware
Ransomware has become one of the most prevalent new cybersecurity threats faced by today's enterprises. This new report from Dark Reading includes feedback from IT and IT security professionals about their organization's ransomware experiences, defense plans, and malware challenges. Find out what they had to say!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3113
PUBLISHED: 2021-01-17
Netsia SEBA+ through 0.16.1 build 70-e669dcd7 allows remote attackers to discover session cookies via a direct /session/list/allActiveSession request. For example, the attacker can discover the admin's cookie if the admin account happens to be logged in when the allActiveSession request occurs, and ...
CVE-2020-25533
PUBLISHED: 2021-01-15
An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct ...
CVE-2021-3162
PUBLISHED: 2021-01-15
Docker Desktop Community before 2.5.0.0 on macOS mishandles certificate checking, leading to local privilege escalation.
CVE-2021-21242
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or a...
CVE-2021-21245
PUBLISHED: 2021-01-15
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to u...