Global security intelligence and information management technology company Nuix recently conducted a survey of chief information security officers and directors at Fortune 500 and Fortune 1000 companies and found that the majority are focusing the most on protecting data from “insider threats.”
That survey – entitled Defending Data: Turning Cybersecurity Inside Out With Corporate Leadership Perspectives on Reshaping Our Information Protection Practices and conducted by Ari Kaplan Advisors – found that nearly three-quarters (71%) of respondents reported that they have an insider threat program or policy, with 14% noting that they allocate 40% or more of their information security budget to combating insider threats.
"The findings in this report are of no surprise," explained Keith Lowry, Nuix's senior VP of business threat intelligence and analysis, in the report.
"First, there's greater awareness of insider threats thanks to the public profiles of Chelsea Manning and Edward Snowden,” he added. “It's also easier to steal information; for example, you can copy key files onto a thumb drive in seconds. And finally, sadly enough, theft of internal records has become culturally more acceptable."
One big reason insider threats are a growing concern is that companies across the business world are becoming more and more digitized. For example, a recent survey from Cisco estimates that more than four-fifths, or some 86%, of corporate computer workload will be processed by cloud data centers by 2019.
In terms of vulnerabilities, People were reported to be "almost universally" the biggest weakness in information security, ahead of technology and processes, Lowry said.
For example, of the respondents to Nuix’s poll that reported to have an insider threat or policy, 70% offer employee training to minimize risk.
"We had in-depth conversations with about the dynamic nature of security and how their role is adapting," said Ari Kaplan, the report's author and principal researcher.
"Security leaders now have a much more influential seat at the table, partly because of the public nature of breaches and the lack of information security,” he stressed. “We're seeing a lot more hands-on training, employee monitoring, and testing to address the issue."
Yet another cybersecurity pointer fleets should keep in mind as we head into 2016.