A first of its kind to record insider threat activity within the region, the ITWeb/Magix Insider Threat Survey results indicate that the majority of organisations now have insider threat on their agenda even if their deployment is still in its infancy,
This is according to Hedley Hurwitz MD of Magix. He says the results are consistent with Magix experience of the local market and studies conducted in other parts of the world in regards to insider threats.
Running from 23 August to 6 September, the survey attracted a total of 131 respondents.
Among other questions, it asked the respondents to state if their organisations have been victims of fraud which resulted in financial loss, and which could not have been perpetrated without the abuse of their own infrastructure, database and/or application framework by known users or their impersonators.
60% of the respondents revealed that they have had sporadic cases over the years, with 20% saying they have had several incidents per year while the remaining 20% said that they report several incidents per month.
According to Hurwitz, fraud is defined as intentional deception made for personal gain or to sabotage another. “Vulnerabilities at infrastructure, data management and user-behaviour level are the gaps in organisations that enable deception to occur”.
He says the survey shows that over 60% of companies have inadequate controls and processes in place to effectively protect their infrastructure and information assets. “50% of organisations are not managing passwords effectively and have no mechanism in place to monitor database activity.
“The main reason for this apparent lack of concern for security is largely historical. Organisations have worked hard to secure the perimeter but have overlooked the threat from insiders”, says Hurwitz.
“There are a number of solutions that can automate password management. This approach ensures enforcement of policies and records the issuing and termination of user rights. Such systems also form part of more comprehensive identity management and single sign-on solutions that further protect against identity theft and misuse of privileges”, argues Hurwitz.
Furthermore, he says, the use of biometrics and physical tokens are the strongest authentication mechanism, though their deployment is cumbersome and expensive.
In regards to systems in place where security events are regularly reviewed classified and dealt with accordingly, 30.12% of respondents said they have no formal processes or systems in place to review security logs. These may be looked at occasionally as part of an IT Audit.
The same percentage also revealed that they have systems in place that enable them to receive near real-time alerts of security breaches from different systems.
Of those surveyed, 22.89% revealed that they have a complete security incident and event management solution in place while 16.87% said they have a manual formal process in place to review logs regularly.
Concerning comprehensive data leakage prevention (DLP) strategies that can classify and protect classified data, 31.15% of the respondents said they have a DLP strategy in place but are unsure if they have protected or confidential data, 37.7% said they have a comprehensive DLP strategy and deployment in place. Another 31.15% have a DLP strategy in place but are practically unable to determine if data has been copied or resides elsewhere.
Says Hurwitz: “Even if you assume the 37.7% have a 100% perfect DLP strategy in place, you remain with over 60% of organisations that are not adequately equipped to prevent data leakage”.
Hurwitz says depending on the nature of the organisation, data is often one of the most valuable assets.
“Information regarding customers, product information, new initiatives, transaction history, etc constitute intellectual capital that has taken years, and significant cost, to acquire. This information is of great value to competitors, and is one of the primary sources of information used by syndicates to target and defraud customers while operating under your brand”.
On a brighter note, Hurwitz says the survey revealed that insider threat is now being viewed as a mainstream concern and focus of the business and its security custodians.
Share