97% of IT Decision Makers at Financial Services and 93% at Retail Organizations Say their Organization is Vulnerable to Insider Threats
2015 Thales eSecurity Insider Threat Report - Financial Services and Retail Editions
Industries Cite Fears Over Privileged Insiders, Prioritize Preventing Data Breaches
SAN JOSE, Calif. – Feb. 24, 2015 – Thales eSecurity, a leader in enterprise data security for physical, big data, public, private and hybrid cloud environments, today announced the retail and financial-focused results of its 2015 Thales eSecurity Insider Threat Report conducted online by Harris Poll in fall 2014 among 408 U.S. IT decision makers, with greater emphasis surrounding U.S. retail and financial enterprise threat perceptions and needs. Similar to the global ITR released in January, the role of privileged insiders and employee data access is explored in more specific detail, along with spending motivations and attitudes towards compliance standards.
Ordinary employees, privileged users and the supply chain – such as contractors and third party service providers – are all conduits for a traditional insider threat. But the spectrum of insider threats also includes the compromise of these insider accounts by hackers using Advanced Persistent Threat (APT) attacks and other methods. As cloud and big data adoption accelerates, these new technologies also bring new risks to organizations with additional administrative roles and potentials for infrastructure compromise.
“Retailers and financial services organizations are feeling the heat. Over 51% of retailer respondents reported being very or extremely vulnerable to these attacks - the highest rates measured in the study. Financial services respondents reported the overall highest level of vulnerability at 97%,” said Alan Kessler, CEO of Thales eSecurity. “Surprisingly, the data also shows that organizations are not connecting the dots about how to solve the problem. These organizations continue to invest at similar rates in both the network and end point security technologies that consistently fail under today’s attacks, as well as the data-at-rest solutions that can help them to solve the problem.”
Key findings for Financial Services:
- 97% of U.S. financial services respondents reported they were “somewhat” or more vulnerable to insider threats
- 41% of U.S. financial services respondents have experienced a data breach or failed a compliance audit in the last 12 months
- 63% of U.S. financial services respondents cited privileged users as the most dangerous insider threat – a full 20 percentage points above the second-highest category, partners with internal access
- When asked about the top 3 IT security spending priorities:
  - 57% of U.S. financial services respondents cited preventing a data breach incident – a 2.5X increase since 2013, which saw 21% of respondents citing it as a spending priority
  - 43% cited protection of finances and other assets
  - 39% cited fulfilling compliance requirements and passing audits
Key findings for the Retail sector:
- 93% of U.S. retail respondents reported they were “somewhat” or more vulnerable to insider threats
- Of that number, 51% of U.S. retail respondents reported feeling “very” or “extremely” vulnerable to insider threats – more than twice that of respondents outside the U.S. (24%)
- 48% of U.S. retail respondents have experienced a data breach or failed a compliance audit in the last 12 months
- When asked about the top 3 IT security spending priorities:
  - 63% of U.S. retail respondents cited preventing a data breach incident
  - 37% cited protection of critical IP
  - 36% cited protection of finance and other assets
- Although meeting compliance requirements was not a top spending priority, 77% of retail organizations rated compliance requirements as “very” or “extremely” effective at offsetting insider threats
“Within the past 3-5 years, threats have changed dramatically and will continue to do so in the year ahead,” said Andrew Kellett, lead analyst for Ovum and author of the 2015 Thales eSecurity Insider Threat Report – Global Edition. “Vulnerable sectors like the retail and financial industries need to understand that compliance standards evolve too slowly to keep up with fast moving threats, and even then ticking all the compliance boxes is no guarantee of safety. As a result, their continued confidence in these standards is curious. There is also a real need for them to take a fresh look at their IT security investments, and to prioritize the security controls that can help them better protect their data.”
With data security now a board level issue, organizations need to make it a priority to develop a focused IT security strategy that includes:
- Deploying a layered defense that combines traditional IT security solutions with advanced data protection techniques
- Prioritizing the protection of data at the source. For most organizations, this involves protecting a mix of on premise databases and servers, newer big data implementations and remote cloud resources
- Leveraging a range of data-centric security techniques that protect where the data is stored, and that can move with the data. Use data encryption, tokenization, data masking and other techniques that can de-identify data, control data access, and that increase data access visibility
- Implementing integrated data monitoring and technologies such as security information and event management (SIEM) systems to identify data usage and unusual and malicious access patterns
The survey results and research reports for Financial Services and Retail are available from Thales eSecurity.
The Thales eSecurity 2015 Insider Threat Report was conducted online in the United States by Harris Poll on behalf of Thales eSecurity from September 22-October 16, 2014, among 408 adults ages 18 and older, who work full-time as IT professionals in companies with at least $200 million in revenue and have at least a major influence in decision making for IT, including 102 from health care industries, 102 from financial industries, 102 from retail industries and 102 from other industries.
About Thales eSecurity
Thales eSecurity (@Thales eSecurity) is the industry leader in data security solutions that protect data-at-rest across physical, big data and cloud environments. Thales eSecurity helps over 1500 customers, including 17 of the Fortune 30, to meet compliance requirements and protect what matters — their sensitive data — from both internal and external threats. The company’s scalable Thales eSecurity Data Security Platform protects any file, any database and any application’s data — anywhere it resides — with a high performance, market-leading solution set.