Data theft is usually an inside job

Despite companies spending billions to protect systems from external threats, data theft continues to climb.

Businesses often fail to address the underlying problem: most online crime involves an insider. Although in most cases that insider is an unwitting accomplice.

The latest Ponemon Institute study shows companies are struggling to protect information from theft and other attacks.

Online crime wave

Simple data theft is climbing fast. The study, sponsored by Varonis security software company found 76 percent or three out of four organisations say they have been hit by the loss or theft of data in the past two years.

Last year 67 percent or two-thirds of companies reported they had suffered a loss.

Ransomware is among the fastest growing threat. Ponemon says Seventy-eight percent of companies worry that they may be attacked.

Inside job

Ponemon confirms what we all know, insiders are the biggest computer security threat. Yet employees are not necessarily criminals. The study found insider negligence is the biggest cause of the losses and is twice as common as deliberate inside theft.

Of those companies who have already been attacked, half say they were not aware of anything until 24 hours or more after the breach. Which means attackers can do a lot of damage before they are detected.

Vested interest

As is often the case with research into online security, the company sponsoring the study has a product that can help solve the identified problem. Varonis sells insider threat protection software and tools to help companies understand what happens.

Yet that naked self-interest doesn’t negate the study’s key point, that companies often give employees more access than they need to sensitive information and that makes them vulnerable.

You don’t need to spend a cent with Varonis to fix that.

On the subject of money, a separate report from Gartner says worldwide spending on information security will grow almost eight percent in 2016.

The total amount spent is expected to hit close to US$82 billion this year. Most of the money will go to security consulting firms and outsourcing services.

Shortage of security skill

According to Gartner the shortage of talented IT security professionals means companies will need to spend more on managed detection and managed response services. In other words, addressing the problems identified by the Ponemon-Varonis study.

Over the next four years Gartner says the spending focus will switch to security testing, IT outsourcing and data loss prevention (DLP).

The analyst firm also forecasts a bright short-term future for preventive security. It says: “many security practitioners continue to have a buying preference for preventive measures. However, solutions such as security information and event management (SIEM) and secure web gateways (SWGs) are evolving to support detection-and-response approaches”.

Gartner says the SWG market will growth between now and 2020 as organisations focus on detection and response.