The security threat 88 percent of companies are missing

Let’s say you’ve been tasked with assessing and updating your company’s security technologies. First, you take stock of the threats it’s recently faced. You investigate system failures, third-party attacks and instances of phishing, ransomware and malware. You compare your firewalls and antivirus software to other organizations in your industry to ensure you’re up to speed with the latest breach prevention technology.

What are you missing?

A recent IDC survey of more than 400 organizations in Europe found that most companies fail to understand one of the top causes of data exposure – insider threats. Although IDC reports that most security attacks are caused by users unintentionally losing track of their system access credentials, only 12 percent of respondents regarded insider threats as highly concerning. Significantly more users were concerned about the threats below:

  • Viruses (67 percent)
  • Advanced persistent threats (APTs) (42 percent)
  • Phishing (28 percent)

This disparity is concerning in itself. When organizations fail to understand users, they face an extreme disadvantage in detecting user-based breaches. Survey respondents’ top security obstacles reflected this divide, as organizations claimed they were unaware of how to discover insider threats, felt inadequately trained and educated on the topic, and didn’t understand how normal operations should appear across departments in their organizations.

Curing insider blindness with security analytics

Identifying insider threats is easier than you think – when your company defines and follows a dedicated process for it. In the survey, titled “Detecting and responding to the accidental breach: The impact of the hapless user,” IDC analyst Duncan Brown notes that a critical part of any effective security plan is the understanding that security breaches are inevitable. “Accepting this is not to take a negative stance,” says Brown, “but to accept the reality of today’s dynamic threat landscape.”

Organizations need to shift focus away from the outcome of a breach, such as the introduction of malware, and concentrate on the issue’s source – user behavior. When users are educated about safe data management practices and IT managers can audit their progress, the company stands a significantly improved chance of warding off threats. Brown writes:

“Real-time analytics of user behavior can detect activity that unintentionally exposes the organization to increased risk, and this can be stopped before real damage is done. Responding to an action when it happens is an extremely effective way of educating the user community: this stops users from being hapless and teaches them behaviors that exemplify good security practice.” 

Learn more about auditing user behavior to protect sensitive data.

Andrew Hay

With over 15 years of data security experience in various roles inside organizations as well as advising them, Andrew serves as the chief information security officer at DataGravity. He is responsible for the development and delivery of the company’s comprehensive data security strategy. Prior to DataGravity, Andrew was the director of research at OpenDNS (acquired by Cisco) and the director of applied security research and chief evangelist at CloudPassage.