OVUM Research Shows Privileged Users Are Highest Risk to Data For 54 Percent of IT Decision Makers

June 18, 2015

OVUM RESEARCH SHOWS PRIVILEGED USERS ARE HIGHEST RISK TO DATA FOR 54 PERCENT OF IT DECISION MAKERS (ITDMs) IN EUROPEAN ORGANISATIONS

Survey also reveals that 40 percent of ITDMs in UK firms have encountered a data breach or failed a compliance audit in the last 12 months

Vormetric, a leader in enterprise data security for physical, virtual, big data, public, private and hybrid cloud environments, today announced the European findings of its 2015 ‘Insider Threat’ survey. The survey was conducted online on its behalf by Harris Poll in fall 2014 among 818 enterprise IT decision makers (ITDMs) in various countries, including 204 in the UK and Germany. Analysis and research into the results was performed by analyst firm Ovum.

The research uncovered that 54 percent of the German and UK respondents believe that privileged users (system administrators, database administrators, network administrators, etc.) pose the biggest risk to their organisation – a substantial step up from 38 percent in last year’s 2014 Vormetric Insider Threat Report – European Edition. Only 13 percent said that their organisations were not at all vulnerable to insider threats – a slight improvement on the nine percent that said they felt safe last year, but still leaving 87 percent feeling vulnerable.

The insider threat is multi-faceted and does not only relate to the deliberate theft of data. If systems are not appropriately secured, employees can also inadvertently put sensitive company information at risk. In addition, modern cyber attacks frequently rely on hijacking log-in credentials of unsuspecting users, often targeting ‘privileged users’ who have the greatest levels of network access. Cyber criminals then use these credentials to log-in and appear as legitimate users so that they can steal data undetected.

“With the research showing that more than half of European organisations now classify privileged users as posing the highest risk to their data, there is clearly a growing need to manage and secure what these users can do on the corporate network,” said Andrew Kellett, Principal Analyst Infrastructure Solutions at Ovum. “Although most organisations will have already realised that this type of user account needs to be implemented and overseen with far greater care than they perhaps once were, there remains a variety of technical challenges to overcoming the risk they pose – not least because this type of user account is usually used to perform essential network maintenance and administration procedures that cannot be interfered with.”

The key findings of the Ovum survey include:

54 percent of IT decision-makers in European enterprises placed privileged users as the highest risk group when considering their data protection requirements. Contractors, service providers, and business partners were also seen as possible risks.
Although 51 percent of UK respondents and 44 percent of German respondents are increasing spending to offset threats to data, this lags behind 62 percent in the US
Only 13 percent of IT decision-makers in European enterprises identified that they were not at all vulnerable to insider threats
40 percent of UK respondents reported that their organizations have encountered a data breach or failed a compliance audit in the last 12 months
Compliance was identified by respondents as still the top reason for securing sensitive data in Europe (56 percent), but reputation and brand protection are close behind (54 percent)
Top European IT security spending priorities identified by respondents were protection of Intellectual Property (52 percent) and preventing a data breach incident (48 percent)

“With 40 percent of UK firms either being breached or failing a compliance audit in the last year, we are clearly a long way from anything approaching adequate data security,” said Alan Kessler, CEO of Vormetric. “Part of the problem is an overemphasis on compliance. With insider related attacks changing by the hour, you can think of today’s compliance mandates as requiring organisations to use the weapons of yesterday to fight today’s battles. Given this reality, encryption and access controls are increasingly the weapons of choice today to protect organisations critical data.”

For more information and to download the report, visit: http://www.vormetric.com/campaigns/insiderthreat/2015/eu/