SOURCE: Online survey conducted within the United States, United Kingdom, Germany, Japan, and ASEAN nations (Singapore, Malaysia, Indonesia, Philippines and Thailand) of Enterprises grossing $250 Million U.S. or more by Harris Poll on behalf of Vormetric, between September 1 and September 30, 2014 among IT Managers and higher level roles knowledgeable about IT Security. 818 respondents: 408 USA, 103 UK, 102 Germany, 102 Japan, 103 ASEAN nations.
TRENDS AND FUTURE DIRECTIONS IN DATA SECURITYFinancial services enterprises have always known that they are a primary target for both traditional employee theft, and criminal hackers trying to steal assets. Insider thefts, inside jobs and bank robbers have been around as long as we’ve had banks. Today, employees with legitimate access, service providers or contractors that maintain infrastructure and privileged users are all possible insider threats to financial services organizations, along with the compromise of their credentials.
Criminal hackers continue to be a top worry for financial services organizations, and nearly every financial sector breach has included a compromise of a privileged user account or a privileged account at a partner with access to the enterprise’s network.
Find the 2015 Vormetric Insider Threat Report—Financial Edition on www.Vormetric.com/InsiderThreat/2015 for detailed results and analysis.
THE MOST DANGEROUS INSIDERS ADMINISTER AND MANAGE INFRASTUCTURE
Privileged users include System Administrators, Network Administrators, Linux/Unix Root users, Storage Administrators, Domain Administrators and other IT roles.
40%Contractors/Service Provider Employees (Snowden was a contractor)
63% PRIVILEGED USERS
43%Partners with Internal Access
WHERE DO INSIDER THREATS COME FROM?
FINANCIAL SERVICES ORGANIZATIONS ARE FAILING TO SECURE THEIR DATA
PROTECT YOUR DATA
MAKE ENCRYPTION WITH ACCESS CONTROLS THE DEFAULT
MONITOR AND ANALYZE DATA ACCESS PATTERNS
REPLACE POINT SECURITY SOLUTIONS WITH SECURITY PLATFORMS
CONCENTRATE ON PROTECTING DATA AT THE SOURCE
#2015InsiderThreat
©2015 Vormetric, Inc. All rights reserved. Vormetric is a registered trademark of Vormetric, Inc. All other trademarks are the property of their respective owners. No part of this publication may be reproduced, stored in a retrieval system or transmitted, in any form or by any means,
photocopying, recording or otherwise, without prior written consent of Vormetric.
INSIDERTHREATSU.S. Financial Services Spotlight
Employees
root SA
Priviledged Users
NATIONSTATES
CRIMINALHACKERS
HackersService Providers
MOST VULNERABLE SEGMENT
DATA PROTECTION DRIVERS FOR U.S. FINANCIAL SERVICES ENERPRISES
VOLUMES AND WORRIES
Global All U.S. U.S. FinancialServices
U.S. Financial ServicesU.S. Retail & Healthcare
InternationalGermany
41%48%
36%26%
U.S. Financial ServicesGermany
U.S. RetailU.K
27%27%
20%25%
Japan8%
U.S.Healthcare
U.S. Retail Germany
89% 93% 97% 92% 93% 82%
97%of respondents from U.S. FINANCIAL SERVICES organizations reported that they were vulnerable to insider threats
41%Encountered a data breach or failed a compliance audit in the last 12 months
27%Are protecting data because of a past �data breach
U.S. Financial Services organizations reported the highest rate of protecting data because of a previous data breach.
Protection from data breach penalties as well as reputation / brand protection are at the top of financial services organizations lists.
Respondents from U.S. Financial Services Organizations top three selections for insiders that pose the largest risk to their organization were:
Financial Services greatest volumes of data-at-risk are in databases, on file servers or in cloud environments. Mobile devices are their area of biggest concern for greatest risk of loss.
TOP
3REASONS FOR SECURINGSENSITIVE DATA
TOP
3IT SECURITY SPENDING PRIORITIES
50% Reputation and Brand Protection
42% Avoiding Data Breach Penalties
DATABREACH
43% Compliance Requirements 43%
Protection of Finances & Other Assets
57% Preventing a Data Breach Incident
DATABREACH
39% Fulfilling Compliance Requirements and Passing Audits
HIGHEST VOLUMES OF SENSITIVE DATA
ORGANIZATIONS ARE MOST WORRIED ABOUT DATA ON:
49%Databases
39%File Servers
36%Cloud
45%Databases
47%Mobile
42%Cloud