87% of Japanese and 84% of ASEAN IT Decision Makers Say their Organization is Vulnerable to Insider Threats
2015 Thales eSecurity Insider Report – Japan and ASEAN Edition
SAN JOSE, Calif. – March 24, 2015 – Thales eSecurity, a leader in enterprise data security for physical, virtual, big data, public, private and hybrid cloud environments, today announced the results of its ASEAN and Japan focused edition of the 2015 Thales eSecurity Insider Threat Report (ITR). The survey was conducted online on their behalf by Harris Poll in fall 2014 among 818 IT decision makers (ITDMs) in various countries, including 102 each in Japan and ASEAN. Analysis was performed in conjunction with analyst firm Ovum’s Andrew Kellett, Principal Analyst Infrastructure Solutions. This report extends earlier findings in the global report, retail and financial research briefs and cloud and big data edition with findings about how enterprises in Japan and ASEAN perceive security threats, the types of employees considered most dangerous, environments at the greatest risk for data loss and the steps organizations are taking to secure data.
“Data breaches are happening everywhere, and the Japanese and ASEAN markets are not immune,” said Andrew Kellett, senior principal analyst with Ovum. “However, we found wide variations in the study between the attitudes and plans of Japanese and ASEAN organizations. ASEAN organizations feel significantly more at risk, and are rapidly adopting new technologies such as cloud and big data. While Japanese enterprises were significantly more conservative in their use of these technologies with sensitive data, and as such expressed lower levels of concern.”
Ordinary employees, privileged users and the supply chain – such as contractors and third party service providers – are all conduits for a traditional insider threat. But the spectrum of insider threats also includes the compromise of these insider accounts by hackers using Advanced Persistent Threat (APT) attacks and other methods. As cloud and big data adoption accelerates, these new technologies also bring new risks to organizations with additional administrative roles and potentials for infrastructure compromise.
Results showed that organizations in both regions felt vulnerable to insider threats. In Japan 87 percent, and in ASEAN 84 percent, but substantial variations were found in many other areas, and against U.S. respondents:
- Rates of very or extremely vulnerable to insider threats:
Japan: 17 percent
ASEAN: 33 percent
U.S.: 45 percent
- Failed a compliance audit or encountered a data breach in the last year
Japan: 29 percent
ASEAN: 48 percent
U.S.: 44 percent
- Top locations at risk for loss of sensitive data:
Japan – mobile devices (58 percent), PCs and workstations (47 percent)
ASEAN – file servers (50 percent), databases (45 percent)
U.S. – cloud environments (46 percent), databases (37 percent)
- Insiders that pose the largest risk:
Japan – Ordinary employees (56 percent), Contractors/Service Provider employees (52 percent)
ASEAN – Privileged users (62 percent), Partners with internal access (60 percent)
U.S. – Privileged users (59 percent), Partners with internal access (51 percent)
- Increasing IT Security spending to offset threats to data over the next 12 months:
Japan – 27 percent
ASEAN – 64 percent
U.S. – 62 percent
ASEAN respondent results were a close match for U.S respondents concerns in most areas. Japanese respondents especially had views that resemble how U.S and global organizations viewed risks to data a few years ago (based on results from the 2013 Thales eSecurity Insider Threat Report). Recognition of the need for privileged user control, and that large data breaches result from compromises of large data stores are the largest of these changes.
“With the rate of data breaches worldwide accelerating, and with compliance and regulatory requirements for sensitive information increasing as a result, enterprises worldwide are recognizing the need to make changes in their IT security stance,” said Tina Stewart, vice president at Thales eSecurity. “Perimeter, network and end point defenses have failed in every recent data breach. Organizations that are placing a priority on increasing data-at-rest defenses such as those in ASEAN (60 percent) and the U.S. (49 percent) will be much better prepared to protect data against attacks. Results from Japanese respondents in this area represent a concern, only 32 percent of respondents planning to increase spending on data-at-rest defenses in our results. But, with the recent disclosures of 25.66 billion attempts to compromise corporate systems in Japan by NICT, we’re seeing customers in Japan indicate that data protection is a much greater priority than the results suggest.”
The survey results and research report are available from Thales eSecurity and can be found here.
Thales eSecurity’s 2015 Insider Threat Report was conducted online by Harris Poll on behalf of Thales eSecurity from September 22-October 16, 2014, among 818 adults ages 18 and older, who work full-time as an IT professional in a company and have at least a major influence in decision making for IT. In the U.S., 408 ITDMs were surveyed among companies with at least $200 million in revenue with 102 from the health care industries, 102 from financial industries, 102 from retail industries and 102 from other industries. Roughly 100 ITDMs were interviewed in the UK (103), Germany (102), Japan (102), and ASEAN (103) from companies that have at least $100 million in revenue. ASEAN countries were defined as Singapore, Malaysia, Indonesia, Thailand, and the Philippines. This online survey is not based on a probability sample and therefore no estimate of theoretical sampling error can be calculated.
About Thales eSecurity
Thales eSecurity (@Thalesesecurity) is the industry leader in data security solutions that protect data-at-rest across physical, big data and cloud environments. Thales eSecurity helps over 1500 customers, including 17 of the Fortune 30, to meet compliance requirements and protect what matters — their sensitive data — from both internal and external threats. The company’s scalable Thales eSecurity Data Security Platform protects any file, any database and any application’s data —anywhere it resides — with a high performance, market-leading solution set.