The Leading Causes of IT Security Gaps
August 11, 2016 6:30 AM
The Leading Causes of IT Security Gaps
According to the new Ponemon Institute study, Closing Security Gaps to Protect Corporate Data: A Study of US and European Organizations, sponsored by Varonis, 76 percent of organizations experienced the loss or theft of data last year. The study looks into the factors behind those incidents, and lessons that can be learned from them.
Loss or theft of data is up sharply
Seventy-six percent of IT practitioners say their organization experienced the loss or theft of company data over the past two years. This is a significant increase from 67 percent of respondents who participated in the 2014 study. The leading cause is insider negligence.
Insider negligence is number one internal threat
When a data breach occurs, 50 percent of IT respondents say negligent insiders are most likely to blame. In fact, insider negligence is more than twice as likely to be the cause over any other culprits, including external hackers, malicious employees or contactors.
Ransomware is a growing nightmare for companies
While the vast majority of attempts to steal or gain access to valuable data are designed to be undetected, ransomware is one type of attack that loudly announces its presence. Given the rise of these threats and their sophistication, are organizations becoming more prepared and more vigilant? Apparently not, as 78 percent of IT respondents are extremely or very concerned about the threat of ransomware.
Employees jobs require them to access more proprietary data
End users report a sharp increase since 2014 in their access to sensitive and confidential information. In this years study, 88 percent of respondents say their jobs require them to access and use proprietary information such as customer data, contact lists, employee records, financial reports, confidential business documents, software tools or other information assets. This is an increase from 76 percent of respondents in 2014.
Companies need to track employees access to confidential data
Employees have access to such confidential information as email and attachments with sensitive information, non-financial business information and customer information including contact lists. Sixty-two percent of end users say they have too much access to confidential corporate data. This is an improvement from 2014 when 71 percent of respondents said end users had too much access. In addition, 47 percent say such access happens very frequently or frequently.
Progress in combatting these threats is not encouraging
Only 29 percent of IT respondents say their companies fully enforce a strict least privilege model to ensure only appropriate insiders have access to company data on a need-to-know basis. The list of individuals who have access to file shares and other collaborative data stores is rarely reviewed. Twenty-four percent of IT respondents say they never review the list. However, 16 percent say they review the lists twice a year, and another 38 percent review it once a year.
Many organizations have no searchable records of file system activity
Some 35 percent of respondents say their companies do not maintain a searchable record of the file system activity. Failure to audit file system activity is a significant vulnerability, especially with regard to ransomware. Without an audit trail there is no way to determine which files have been encrypted by ransomware. Of those that do, records of activity are preserved for more than a year by 28 percent of respondents; more than a week by 21 percent; and more than a month by 16 percent of respondents.
Companies are slow to detect unauthorized file access
Only 25 percent of respondents say their company monitors all employee and third-party file and email activity and 38 percent say their company does not monitor file and email activity at all. Only 24 percent of respondents say they are able to determine if employees are accessing information they are not authorized to see.
End users are not deleting files, thus exacerbating vulnerability
Some 43 percent of respondents say they retain and store document or files they created or worked on forever. Another 25 percent of respondents say they keep documents or files one year or longer.
Moving to the cloud is happening much more slowly than expected
Crown-jewel data continues to be stored on premises, and 86 percent of respondents say their organizations have most of their data stored on premises. In contrast, 13 percent of respondents say most of their information is stored in the cloud.
Two troubling factors account for most data theft and loss
The inescapable conclusion is that the continuing increase in data loss and theft is due in largepart to two troubling factors: Compromises in insider accounts that are exacerbated by far wider employee and third-party access to sensitive information than is necessary; the continued failure to monitor access and activity around email and file systems where most confidential and sensitive data moves and lives.
Too many companies arent taking security seriously enough
Every company relies on and is entrusted to protect -- valuable, confidential and private data. The most valuable data featured in most breaches is unstructured data such as emails and documents. This is the data that most organizations have the most of, and know the least about. When emails and files are surfaced publicly, they tend to cause scandal, forcing the breach to have a lasting effect on the companys reputation. Despite the technology available and the continued rise of data loss and theft, it is clear that most organizations are not taking the threat of major disruption in business and reputation seriously enough.
