Keep Your Friends Close, Your Insiders Closer…

No organization is immune from a data breach.  The fact is, your organization probably already has been breached.  A new survey from the CyberEdge Group and NetIQ shows you just where IT teams are finding the security vulnerabilities that can lead to breaches and audit findings.  The good news is it’s not hard to find the vulnerabilities. The bad news is the source of vulnerabilities is you – and the people within your organization.

2015 Cyberthreat Defense Report

High-profile breaches are everywhere these days, and the media has done a great job of shining really bright lights on them, from the moment they happen through to their consequences. But damaging data breaches don't just happen to big-name retailers or large government entities; we also see them in organizations of all kinds. Today, the CyberEdge Group announced the results of its second-annual Cyberthreat Defense Report, a survey of over 800 IT security professionals across North America and Europe that delves deeply into their views on security threats, current defenses, and planned investments. Sponsored in part by NetIQ, the survey found that cyber attacks are on the rise, while confidence in being able to defend against them is sinking:

  • 70 percent of respondents’ networks had been breached in 2014 — up from 62 percent in 2013 — with more than 20 percent breached six times or more.

  • 52 percent now believe a successful cyber attack is likely in the coming year — up from 39 percent in last year’s report.

Furthermore, survey respondents spoke very clearly to us about what they perceive as the biggest obstacles to getting effective security defenses in place. Low security awareness among employees is cited as the greatest inhibitor to an effective defense, followed closely by lack of budget and too much security data to analyze. The concern about low security awareness among employees isn’t surprising when you pair that information with the cyberthreats IT pros say are keeping them up at night:

  • Phishing, malware, and zero-days concern respondents most

  • 59% saw a rise in mobile device threats in 2014

  • 23 percent aren’t confident in their ability to monitor what their privileged users are doing

Phishing attacks have been around for decades, and the now infamous Target breach is a classic example of how "everything old is new again", especially when a person is involved. More and more, security teams are finding that keeping sensitive organizational data secure is less about ineffective tools, and more about keeping users out of trouble.

People are our biggest security threat. And the biggest threat of all comes in the form of administrators and other power users (i.e., “privileged users”). The credentials of privileged users are highly prized by cybercriminals because these users require elevated rights to do their jobs and to keep the business running. It’s with these credentials that hackers can gain access to the most sensitive organizational data and do the most damage.

The good news is, the security professionals we spoke to aren’t idly standing by, waiting to be breached yet again. Sixty-one percent (61%) of them expect their IT security budgets to rise in 2015, up from 48% in last year’s report.  They are also planning for a future with better security defenses.  Among the technologies in use or planned for acquisition, security analytics, threat intelligence, and security information and event management (SIEM) are all at the top of the leader board.

By now, we all know that breaches of any kind are a huge threat to the security, reputation, and even financial performance of your company, as well as to the privacy of your customers. The Cyberthreat Defense Report highlights a general lack of understanding that today the USER poses the greatest threat to our IT environment and sensitive data. Accidents and oversights happen frequently, and hackers can also take on the credentials of a trusted insider and do great damage over a very long period of time. In response, IT security professionals are recognizing that they need a different approach to solving today’s security challenges, one that helps them achieve the level of security intelligence they need to be successful.

Today’s security challenges need an approach that focuses on the inside threat first.  Users, especially privileged users, should receive only the access they need to do their jobs, and access controls should be enforced regardless of location.  Additionally, security monitoring of user activity should be integrated with “identity context”, elevating ordinary security event data from noise to real-time security intelligence that teams can use to detect and disrupt threats faster. NetIQ can help you with an approach we call Identity-Powered Security.  Next month, we’ll be at the RSA Conference, Booth #S1621 (South Expo Hall), where you’ll be able to experience a hands-on interactive demo showcasing several of our Identity-Powered Security solutions. Come see how “identity” can power security – to keep your insiders closer than ever before.