How To Protect Your Organization From Insider Threats



Similar documents
2015 VORMETRIC INSIDER THREAT REPORT

2015 VORMETRIC INSIDER THREAT REPORT

Data Centric Security

Cloud Data Security. Sol Cates

SECURING SENSITIVE DATA WITHIN AMAZON WEB SERVICES EC2 AND EBS

Data Center security trends

2015 VORMETRIC INSIDER THREAT REPORT

A BUSINESS CASE FOR BEHAVIORAL ANALYTICS. White Paper

2015 VORMETRIC INSIDER THREAT REPORT

Cloud Data Security and the Insider Threat

2012 Bit9 Cyber Security Research Report

Nine recommendations for alternative funds battling cyber crime. kpmg.ca/cybersecurity

Securing Sensitive Data within Amazon Web Services EC2 and EBS

Chairman Johnson, Ranking Member Carper, and Members of the committee:

CyberArk Privileged Threat Analytics. Solution Brief

APT Protection Via Data-Centric Security. Alan Kessler President and CEO Vormetric

The Impact of Cybercrime on Business

Teradata and Protegrity High-Value Protection for High-Value Data

Room for improvement. Building confidence in data security. March 2015

IDENTITY & ACCESS. Privileged Identity Management. controlling access without compromising convenience

Global IT Security Risks

I ve been breached! Now what?

2015: Time to. Rethink Enterprise IT Security Black Hat Attendee Survey. Download. Subscribe. Previous. Next. Next. Previous. Next.

White. Paper. The 2013 Vormetric Insider Threat Report. Written By Jon Oltsik, Senior Principal Analyst, ESG. October Administered by ESG.

With Great Power comes Great Responsibility: Managing Privileged Users

State of Security Survey GLOBAL FINDINGS

AD Management Survey: Reveals Security as Key Challenge

Managing the Unpredictable Human Element of Cybersecurity

Stay ahead of insiderthreats with predictive,intelligent security

ACE European Risk Briefing 2012

About SecuPi. Your business runs on applications We secure them. Tel Aviv, Founded

Internet threats: steps to security for your small business

Privilege Gone Wild: The State of Privileged Account Management in 2015

Federal Cyber Security Outlook for 2010

ITAR Compliance Best Practices Guide

Encryption, Key Management, and Consolidation in Today s Data Center

How To Find Out What People Think About Hipaa Compliance

Protecting What Matters Most. Terry Ray Chief Product Strategist Trending Technologies Session 11

How To Protect Your Endpoints From Attack

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

The Advanced Cyber Attack Landscape

Addressing APTs and Modern Malware with Security Intelligence Date: September 2013 Author: Jon Oltsik, Senior Principal Analyst

CYBERSECURITY IN HEALTHCARE: A TIME TO ACT

Developing National Frameworks & Engaging the Private Sector

Evolution Of Cyber Threats & Defense Approaches

Cyber security: Are Australian CEOs sleepwalking or a step ahead? kpmg.com.au

INFORMATION SECURITY CYBER LIABILITY RISK MANAGEMENT. October Sponsored by:

CYBER SECURITY AND RISK MANAGEMENT. An Executive level responsibility

WHAT EVERY CEO, CIO AND CFO NEEDS TO KNOW ABOUT CYBER SECURITY.

Encryption Doesn t Always Protect Your Data. Presented by: Joe Sturonas PKWARE

Privilege Gone Wild: The State of Privileged Account Management in 2015

CHECKLIST: ONLINE SECURITY STRATEGY KEY CONSIDERATIONS MELBOURNE IT ENTERPRISE SERVICES

SIEM is only as good as the data it consumes

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com

Enterprise Data Protection

The Five Most Common Cyber-Attack Myths Debunked

An New Approach to Security. Chris Ellis McAfee Senior System Engineer

2012 Endpoint Security Best Practices Survey

Datacenter Hosting - The Best Form of Protection

Cloud Assurance: Ensuring Security and Compliance for your IT Environment

Identity Centric Security: Control Identity Sprawl to Remove a Growing Risk

Protecting Your Data, Intellectual Property, and Brand from Cyber Attacks

BIG SHIFT TO CLOUD-BASED SECURITY

Leveraging Privileged Identity Governance to Improve Security Posture

CIP Supply Chain Risk Management (RM ) Statement of Jacob S. Olcott Vice President, BitSight Technologies January 28, 2016

AB 1149 Compliance: Data Security Best Practices

VORMETRIC DATA THREAT REPORT

Formulate A Database Security Strategy To Ensure Investments Will Actually Prevent Data Breaches And Satisfy Regulatory Requirements

Countering Cyber Attacks with Big Data and Analytics

Managing IT Security with Penetration Testing

Cenzic Product Guide. Cloud, Mobile and Web Application Security

Aftermath of a Data Breach Study

Hacking Crisis Highlights Crypto Chaos

How To Handle A Threat From A Corporate Computer System

Peer Research Cloud Security Insights for IT Strategic Planning

Securing and protecting the organization s most sensitive data

Why a Network-based Security Solution is Better than Using Point Solutions Architectures

The Evolving Threat Landscape and New Best Practices for SSL

MOBILE SECURITY: DON T FENCE ME IN

IT SECURITY RISKS SURVEY 2014: A BUSINESS APPROACH TO MANAGING DATA SECURITY THREATS

Software that provides secure access to technology, everywhere.

End-user Security Analytics Strengthens Protection with ArcSight

Developing an Architectural Framework towards achieving Cyber Resiliency. Presented by Deepak Singh

Website Security: It s Not all About the Hacker Anymore

The Path Ahead for Security Leaders

State of Network Security 2014

SMALL BUSINESS REPUTATION & THE CYBER RISK

Compliance Guide ISO Compliance Guide. September Contents. Introduction 1. Detailed Controls Mapping 2.

Prevent cyber attacks. SEE. what you are missing. Netw rk Infrastructure Security Management

Presentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy

2014 NETWORK SECURITY & CYBER RISK MANAGEMENT: A SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN THE ASIA-PACIFIC REGION

January IIA / ISACA Joint Meeting Pre-meeting. Cybersecurity Update for Internal Auditors. Matt Wilson, PwC Risk Assurance Director

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Solution Path: Threats and Vulnerabilities

Understanding Security Complexity in 21 st Century IT Environments:

Retail Security: Enabling Retail Business Innovation with Threat-Centric Security.

Nine Steps to Smart Security for Small Businesses

Business Continuity and Breach Protection: Why SSL Certificate Management Is Critical to Today s Enterprise

Advanced Cyber Threats Demand a New Privileged Account Security Model Date: June 2013 Author: Jon Oltsik, Senior Principal Analyst

Cybersecurity The role of Internal Audit

Transcription:

Research Conducted by 2015 VORMETRIC INSIDER THREAT REPORT Trends and Future Directions in Data Security FINANCIAL SERVICES EDITION #2015InsiderThreat RESEARCH BRIEF

US FINANCIAL SERVICES SPOTLIGHT ABOUT THIS RESEARCH BRIEF This Research Brief highlights the results collected online by Harris Poll from 102 IT decision makers in U.S. financial services enterprises in the Fall of 2014. U.S. results are compared, where applicable, to findings among IT decision makers in other U.S. enterprises, as well as those in other countries. FINANCIAL SERVICES ARE A PRIMARY TARGET Financial services enterprises have always known that they are a primary target for both traditional employee theft, and criminal hackers trying to steal assets. Insider thefts and inside jobs have been around as long as banks and brokerages have existed. Today, employees with legitimate access, service providers or contractors that maintain infrastructure and privileged users (both internal and at cloud and SaaS providers) are all possible actors, and potential attack vectors when their credentials are compromised. Criminal hackers continue to be a top worry for financial services organizations, and nearly every financial sector breach has included a compromise of a privileged user account or a privileged account at a partner. Nation state hackers attempting to commit acts of cyber terrorism, destabilize financial infrastructure, embarrass opponents or gain competitive advantage are another major concern. WHERE DO INSIDER THREATS COME FROM? NOT JUST FROM YOUR TYPICAL EMPLOYEE CRIMINAL HACKERS NATION STATES TRADITIONAL INSIDERS PRIVILEGED USERS SERVICE PROVIDERS & CONTRACTORS HACKERS TARGETING INSIDER ACCOUNTS 2

2015 Vormetric Insider Threat Report / FINANCIAL SERVICES EDITION RESEARCH BRIEF THE MOST VULNERABLE SECTOR US FINANCIAL SERVICES We asked a crucial question of all survey respondents How vulnerable is your organization to insider threats? Although U.S. financial services did not have the highest rates of feeling very or extremely vulnerable (they responded at 44%, well below the level for U.S. retailers at 51%), overall they responded with the highest rate of somewhat or more vulnerable (97%). This was a common theme for U.S. organizations, who felt consistently more vulnerable than their international counterparts (84%). Our belief is that this sense of vulnerability is driven by multiple factors: Their knowledge of their own shortcomings, having failed compliance audits or encountered data breaches themselves in the last year (41%). The significant level at which they ve seen breaches at partners and competitors (34%) as well as in the media. 97% SOMEWHAT OR MORE VULNERABLE We asked a crucial question of all survey respondents How vulnerable is your organization to insider threats? And the awareness that they are always a prime target, given the treasure trove that their financial assets and corporate data represent. LEVELS OF SOMEWHAT OR MORE VULNERABLE TO INSIDER THREATS BY SEGMENT 89% 93% 97% 92% 93% 82% GLOBAL ALL U.S. U.S. FINANCIAL SERVICES U.S. HEALTHCARE U.S. RETAIL GERMANY FAILING TO SECURE THEIR DATA U.S. financial services organizations are encountering real difficulty in securing their assets. Since 2009, there has been a cadence of large and small breaches at these institutions making news headlines starting with Heartland payments, moving on to Global Payments and concluding this year with JPMorgan Chase. These attacks most often include a strong element of compromised insider credentials. It is troubling to find that 41% of financial services respondents reported that they encountered a data breach or failed a compliance audit in the last year. With their responsibility to protect financial assets, this sector has always tended to invest more heavily in IT Security controls than others. A second statistic adds to this picture with 27% of respondents protecting sensitive data in response to a past data breach (the highest rate of major sectors that were polled). 3

The implied high rate of failure to meet compliance audits is especially telling. Compliance requirements do not evolve as fast as threats in this sector, and as a result have become only a good baseline to build from for a full data security strategy. Failure at this baseline level is not a good sign for the security of their customers information. FINANCIAL SERVICES ORGANIZATIONS FAILING TO SECURE THEIR DATA 41% ENCOUNTERED A DATA BREACH OR FAILED A COMPLIANCE AUDIT IN THE LAST 12 MONTHS 41% - U.S. FINANCIAL SERVICES 48% - U.S. RETAIL AND HEALTHCARE 36% - INTERNATIONAL 26% - GERMANY 2.5x INCREASE IT SECURITY SPENDING PRIORITY FOR DATA BREACH PREVENTION From 21% in 2013 to 57% in 2015. 27% ARE PROTECTING DATA BECAUSE OF A PAST DATA BREACH 27% - U.S. FINANCIAL SERV. 27% - GERMANY 2O% - U.S. RETAIL 25% - UK 8% - JAPAN THE TOP DRIVERS FOR PROTECTING DATA AT U.S. FINANCIAL SERVICES ENTERPRISES From the responses to the poll, it appears that U.S. financial services organizations have reputation and brand protection as a top priority for securing sensitive data (50%). Their IT security spending priorities also seem to be a good match for this. Preventing a data breach is now their top priority (57%), even above protecting finances and other assets (43%). With the recent exposure that data breaches are garnering in the press, as well as the bottom line and leadership changes that have become part of the results, it seems that these organizations have their priorities in the right place. It is also important to note that this priority set is different from just a few years ago. In our 2013 Vormetric Insider Threat Report data set, we found that compliance was by far the biggest driver for IT Security spending increases by all respondents at 45%. In the polling results from U.S. financial services organizations used to create this brief, compliance dropped to third, polling at 39%. However, the most radical change comes from those citing a data breach at their organization as a driver for IT security spending, this changed from 7% in 2013 for all respondents, to a much higher result of 57% from financial services respondents in our polling. TOP DRIVERS FOR U.S. FINANCIAL SERVICES ORGANIZATIONS TOP 3 REASONS FOR SECURING SENSITIVE DATA TOP 3 IT SECURITY SPENDING PRIORITIES 50% REPUTATION AND BRAND PROTECTION DATA BREACH 57% PREVENTING A DATA BREACH INCIDENT 43% COMPLIANCE REQUIREMENTS 43% PROTECTION OF FINANCES & OTHER ASSETS DATA BREACH 42% AVOIDING DATA BREACH PENALTIES 39% FULFILLING COMPLIANCE REQUIREMENTS AND PASSING AUDITS 4

2015 Vormetric Insider Threat Report / FINANCIAL SERVICES EDITION RESEARCH BRIEF THE MOST DANGEROUS INSIDERS As a result of their roles, and the architecture of the systems they manage and maintain, systems administrators and business users with privileged access have had access to the most sensitive corporate data, with few controls placed around this access. For the U.S. financial services sector today, it is clear that concerns over privileged user access have reached the top of their security agendas. Rogue users with admin rights (such as Edward Snowden) as well as service providers that provide and maintain internal and cloud infrastructure for the organization are clearly shown as sources of risk. As noted earlier, this risk is not solely from their roles and work for the organization, but also by the potential for damage when these insider credentials have been compromised by an outside attack. At 63% a full 20 percentage points above the rate for the next category their concerns are very clear. Partners with internal access comprise that next category at 43%. THE MOST DANGEROUS INSIDERS ADMINISTER AND MANAGE INFRASTRUCTURE 63% Privileged Users Privileged Users include System Administrators, Network Administrators, Linux/Unix Root Users, Domain Administrators and other IT roles. 43% Partners with Internal Access (Snowden was a contractor) 40% Contractors/Service Provider Employees Respondents from U.S. financial services organizations top three selections for insiders that pose the largest risk to their organization. DATABASES, FILE SERVERS AND CLOUD ENVIRONMENTS HOLD FINANCIAL SERVICES SENSITIVE DATA A transition is clearly underway in the U.S. Financial Services sector to use sensitive data within newer cloud environments (36%) while still keeping much of their critical data within local databases (48%) and file servers (41%). Internationally, cloud adoption lags that of the U.S. and the results for the financial sector follows the same pattern. For U.S. financial services organizations, cloud was rated as the third highest ranked environment for storing volumes of sensitive data (36%), big data environments were a close follower (31%), while for all respondents polled outside of the U.S. these numbers were cloud (31%) and big data environments (26%). It is no surprise then to see cloud rated as one of the locations at greatest risk for loss (42%), but somewhat surprising to see mobile rated as their top risk (47%), given the low volumes of data that might be exposed. Perhaps the specter of a single multi-million dollar loss because of a mobile compromise is the primary reason for this. Cloud and big data environments come with their own unique set of concerns for insider threats to sensitive data. For cloud environments, the infrastructure is out of the enterprises control, resulting in concerns that include the lack 5

of visibility into where the data resides and moves, as well as who is able to access it. This is true unless the enterprise is able to obtained commitments specifically governed by contracts, SLAs and controls that are not commonly available in the industry. At the end of the day, the financial services company is liable to customers and regulators, regardless of the commitments by the cloud provider. WORRIES AND THE GREATEST VOLUMES OF SENSITIVE DATA HIGHEST VOLUMES OF SENSITIVE DATA ORGANIZATIONS ARE MOST WORRIED ABOUT DATA ON 48% DATABASES 47% MOBILE IMPLEMENT A DATA FIRST SECURITY STRATEGY TO OFFSET THESE THREATS: 41% FILE SERVERS 45% DATABASES U.S. financial services organizations greatest volumes of data-at-risk are in databases, on file servers and in cloud environments. Mobile devices are their area of biggest concern for greatest risk of loss. 36% CLOUD 42% CLOUD 63% PRIVILEGED USERS THE MOST DANGEROUS INSIDER With the combination of their often-unfettered access to data on systems that they maintain, and the risks from compromise of their credentials, it is no wonder that respondents identified Privileged Users as the insiders that pose the largest risk to their organizations. Because endpoint, firewall and network IT security controls are failing to keep attackers out, or halt malicious insiders, a layered defense combining traditional as well as advanced data protection techniques is the path forward. Data protection initiatives need to concentrate on protecting data at the source. For most organizations, this will involve protecting a mix of on premise databases and servers, and remote cloud and big data applications. Companies should leverage a range of data-centric security techniques that protect where the data is stored, and can move with the data. Use data encryption, tokenization, data masking and other techniques that can de-identify data, that include access controls, and that increase data access visibility. Implementing integrated data monitoring and technologies such as security information and event management (SIEM) systems, to identify data usage and unusual and malicious access patterns, is critical to maximizing security. Select data-centric solutions that cover a broad set of use cases, environments, and data types with minimal infrastructure sets for the best total cost of ownership. Scalability and performance are also key attributes. To keep the whole organization safe, companies must develop an integrated data security strategy that includes monitoring, relevant access control, and levels of data protection, and leaves security to the CISO, not the boardroom. 6

2015 Vormetric Insider Threat Report / FINANCIAL SERVICES EDITION RESEARCH BRIEF U.S. FINANCIAL SERVICES EXISTING PROTECTIONS FOR DATA-AT-REST 54% Database/File Encryption 51% Data Access Monitoring 40% Application Layer Encryption 50% Data Masking 26% Tokenization With insider threats to data security on the rise, organizations that focus their security spending on protecting data at the source, implementing data access monitoring technologies, and developing an integrated security strategy that includes the latest encryption technologies will have greater success protecting their most valuable asset. HARRIS POLL SOURCE AND METHODOLOGY Vormetric s 2015 Insider Threat Report was conducted online by Harris Poll on behalf of Vormetric from September 22 October 16, 2014, among 818 adults ages 18 and older, who work full-time as an IT professional in a company and have at least a major influence in decision making for IT. In the U.S., 408 ITDMs were surveyed among companies with at least $200 million in revenue with 102 from the health care industries, 102 from financial industries, 102 from retail industries and 102 from other industries. Roughly 100 ITDMs were interviewed in the UK (103), Germany (102), Japan (102), and ASEAN (103) from companies that have at least $100 million in revenue. ASEAN countries were defined as Singapore, Malaysia, Indonesia, Thailand, and the Philippines. This online survey is not based on a probability sample and therefore no estimate of theoretical sampling error can be calculated. THE 2013 VORMETRIC INSIDER THREAT REPORT On the behalf of Vormetric, Enterprise Strategy Group conducted research around insider threats, privileged users, and advanced persistent threats (APTs). The survey targeted primarily Fortune 1,000 industries and was responded to by 707 IT executives and managers with knowledge of IT security and insider threats. To read the full 2015 Vormetric Insider Threat Report Global Edition, please visit www.vormetric.com/insiderthreat/2015. 7

2015 VORMETRIC INSIDER THREAT REPORT FINANCIAL SERVICES EDITION RESEARCH BRIEF Vormetric.com/InsiderThreat/2015 2015 Vormetric, Inc. All rights reserved.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information