The insider threat may not gain all the headlines, but it is more prevalent than an outside attack and this year security professionals are starting to do something about it.
That is because a there has been a boost in the number of IT professionals addressing the insider threat in their organizations, according to a report from IS Decisions. Currently 56 percent of IT professionals in the U.S. have an insider threat program already in place, and 34 percent are planning to put one in place this year. An additional 6 percent are planning an insider threat program within five years.
The findings are part of research revealed in IS Decisions’ report based on a survey of 250 IT professionals in the U.S. and 250 in the UK, the study found combating insider threat is high on the agenda following a string of high-profile internal security breaches. An average of 37 percent across the two countries are planning an insider threat program this year.
The research also found IT professionals are spending more on security in general, with the proportion of IT budgets spent on security increasing by a third in the last year (based on research conducted by IS Decisions in November 2013). In addition, 73 percent said they expect their expenditure to increase further. However, a disproportionately tiny 3.6 percent of overall IT budget spend currently goes toward internal security issues.
IT professionals in 2015 are planning a combination of tactics to tackle insider threat, with the majority including ‘technology, tools and data’ (66 percent), and ‘organization-wide security training and awareness’ (57 percent) in their plans.
However, IT professionals are also craving guidance on mitigating insider threat, with 91 percent believing there needs to be industry-wide collaboration and 78 percent want clearer guidelines on tackling the issue.
“2014 has been dubbed by many as the ‘year of the breach,’” said François Amigorena, chief executive at IS Decisions. “We kept seeing big-name businesses hitting the news as a result of major internal security breaches week after week.
“That has carried over into 2015 to some extent with examples like the U.S. health insurer Anthem. However, it looks like IT professionals are very much taking heed of what they’re seeing, meaning 2015 could be set to be the ‘year of tackling insider threat’.
“It’s also encouraging to see that IT professionals are not just thinking up hypothetical plans, they are putting their money where their mouths are in allocating budget. But there is a need there for more collaborative help and guidance, which is interesting given insider threat is an organizational issue. Clearly IT professionals are now open to working together to understand how best to address it.”