Despite companies spending billions to protect systems from external threats, data theft continues to climb.
Businesses often fail to address the underlying problem: most online crime involves an insider, although in most cases that insider is an unwitting accomplice.
The latest Ponemon Institute study shows companies are struggling to protect information from theft and other attacks.
Online crime wave
Simple data theft is climbing fast. The study, sponsored by Varonis, a security software company, found three out of four organisations have been hit by data theft in the past two years.
Last year 67 percent, or two-thirds, of companies reported they had suffered a loss.
Ransomware is among the fastest-growing threats. Ponemon says seventy-eight percent of companies worry about attacks.
Ponemon confirms what we all know: insiders are the biggest computer security threat. Yet employees are not necessarily criminals. Insider negligence is the biggest cause of loss. It is twice as common as deliberate inside theft.
Of the attacked companies, half say they were not aware of anything until 24 hours or more after the breach, which means attackers can do a lot of damage before victims detect them.
As is often the case with security research, the sponsoring company has a product that solves the problem. Varonis sells insider threat protection software and tools to help companies understand what happens.
Yet that naked self-interest doesn’t negate the study’s key point: companies give employees more access than they need to sensitive information. That makes them vulnerable.
You don’t need to spend a cent with Varonis to fix that.
On the subject of money, a separate report from Gartner says worldwide spending on information security will grow almost eight percent in 2016.
Gartner expects the total amount spent to hit close to US$82 billion this year. Most of the money will go to security consulting firms and outsourcing services.
Shortage of security skill
The IT security skills shortage means companies need to spend more on managed detection and managed response services. In other words, it means addressing the problems identified by the Ponemon-Varonis study.
Over the next four years focus will switch to security testing, IT outsourcing and data loss prevention (DLP).
The analyst firm also forecasts a bright short-term future for preventive security. It says: “many security practitioners continue to have a buying preference for preventive measures. However, solutions such as security information and event management (SIEM) and secure web gateways (SWGs) are evolving to support detection-and-response approaches”.
Gartner says the SWG market will grow between now and 2020 as organisations focus on detection and response.