insider threats - thales e-security · infrastructure and privileged users are all possible insider...

SOURCE: Online survey conducted within the United States, United Kingdom, Germany, Japan, and ASEAN nations (Singapore, Malaysia, Indonesia, Philippines and Thailand) of Enterprises grossing $250 Million U.S. or more by Harris Poll on behalf of Vormetric, between September 1 and September 30, 2014 among IT Managers and higher level roles knowledgeable about IT Security. 818 respondents: 408 USA, 103 UK, 102 Germany, 102 Japan, 103 ASEAN nations.

TRENDS AND FUTURE DIRECTIONS IN DATA SECURITYFinancial services enterprises have always known that they are a primary target for both traditional employee theft, and criminal hackers trying to steal assets. Insider thefts, inside jobs and bank robbers have been around as long as we’ve had banks. Today, employees with legitimate access, service providers or contractors that maintain infrastructure and privileged users are all possible insider threats to financial services organizations, along with the compromise of their credentials.

Criminal hackers continue to be a top worry for financial services organizations, and nearly every financial sector breach has included a compromise of a privileged user account or a privileged account at a partner with access to the enterprise’s network.

Find the 2015 Vormetric Insider Threat Report—Financial Edition on www.Vormetric.com/InsiderThreat/2015 for detailed results and analysis.

THE MOST DANGEROUS INSIDERS ADMINISTER AND MANAGE INFRASTUCTURE

Privileged users include System Administrators, Network Administrators, Linux/Unix Root users, Storage Administrators, Domain Administrators and other IT roles.

40%Contractors/Service Provider Employees (Snowden was a contractor)

63% PRIVILEGED USERS

43%Partners with Internal Access

WHERE DO INSIDER THREATS COME FROM?

FINANCIAL SERVICES ORGANIZATIONS ARE FAILING TO SECURE THEIR DATA

PROTECT YOUR DATA

MAKE ENCRYPTION WITH ACCESS CONTROLS THE DEFAULT

MONITOR AND ANALYZE DATA ACCESS PATTERNS

REPLACE POINT SECURITY SOLUTIONS WITH SECURITY PLATFORMS

CONCENTRATE ON PROTECTING DATA AT THE SOURCE

#2015InsiderThreat

©2015 Vormetric, Inc. All rights reserved. Vormetric is a registered trademark of Vormetric, Inc. All other trademarks are the property of their respective owners. No part of this publication may be reproduced, stored in a retrieval system or transmitted, in any form or by any means,

photocopying, recording or otherwise, without prior written consent of Vormetric.

INSIDERTHREATSU.S. Financial Services Spotlight

Employees

root SA

Priviledged Users

NATIONSTATES

CRIMINALHACKERS

HackersService Providers

MOST VULNERABLE SEGMENT

DATA PROTECTION DRIVERS FOR U.S. FINANCIAL SERVICES ENERPRISES

VOLUMES AND WORRIES

Global All U.S. U.S. FinancialServices

U.S. Financial ServicesU.S. Retail & Healthcare

InternationalGermany

41%48%

36%26%

U.S. Financial ServicesGermany

U.S. RetailU.K

27%27%

20%25%

Japan8%

U.S.Healthcare

U.S. Retail Germany

89% 93% 97% 92% 93% 82%

97%of respondents from U.S. FINANCIAL SERVICES organizations reported that they were vulnerable to insider threats

41%Encountered a data breach or failed a compliance audit in the last 12 months

27%Are protecting data because of a past �data breach

U.S. Financial Services organizations reported the highest rate of protecting data because of a previous data breach.

Protection from data breach penalties as well as reputation / brand protection are at the top of financial services organizations lists.

Respondents from U.S. Financial Services Organizations top three selections for insiders that pose the largest risk to their organization were:

Financial Services greatest volumes of data-at-risk are in databases, on file servers or in cloud environments. Mobile devices are their area of biggest concern for greatest risk of loss.

TOP

3REASONS FOR SECURINGSENSITIVE DATA

TOP

3IT SECURITY SPENDING PRIORITIES

50% Reputation and Brand Protection

42% Avoiding Data Breach Penalties

DATABREACH

43% Compliance Requirements 43%

Protection of Finances & Other Assets

57% Preventing a Data Breach Incident

DATABREACH

39% Fulfilling Compliance Requirements and Passing Audits

HIGHEST VOLUMES OF SENSITIVE DATA

ORGANIZATIONS ARE MOST WORRIED ABOUT DATA ON:

49%Databases

39%File Servers

36%Cloud

45%Databases

47%Mobile

42%Cloud