Industry Survey Shows High-Profile Corporate Data Breaches Have Yet to Impact IT Security Attitudes
Insider Threats Still Not Considered Critical Security Issue, According to Lieberman Software Survey of IT Professionals
(LOS ANGELES, CA – April 21, 2009) Despite recent headlines announcing major corporate data breaches, concerns about insider security threats remain a low priority for enterprise organizations. According to a survey of IT industry professionals, insider security threats and corporate data breaches are lesser security concerns than more traditional security risks, such as viruses, Trojans and worms. The survey was conducted by Lieberman Software Corporation, a developer of privileged account password management solutions.
“The findings of this survey are consistent with the current state of security in the market,” said Philip Lieberman, president and CEO of Lieberman Software. “Most organizations are focused on external threats, like protecting their email servers from the outside world. However, insiders pose a very serious risk because of their privileged access to sensitive information, systems and networks. There has been a steady stream of news stories about extensive data breaches caused by an internal source, and I expect we’ll see more in this current economic environment unless companies begin to take the threat seriously.”
A number of recent data breaches have significantly raised the profile of insider threats to critical corporate information assets. In many of these cases, an unauthorized user was able to decrypt one local password and gain unrestricted access to sensitive data on every system in the network that used the same credentials.
“Insider threats are now the root cause of most data breaches, whether by malicious acts or accidents,” Lieberman added. “These threats can be controlled if organizations properly educate their staff and implement the appropriate technology to deal with these risks, rather than relying almost exclusively on firewalls, antivirus tools, and other conventional solutions that are no defense against modern attacks. We’ve discovered that while many organizations are vulnerable to insider threats, they don’t realize how easily their systems can be compromised from within. And the insider threat is growing, particularly in this economy as the number of disgruntled and terminated employees increases.”
Key survey information revealed:
• Cost-savings is still the major driver for IT spending: While cost-savings initiatives were rated the highest driving factor for IT spending at 53.6 percent, protecting information assets from new security threats garnered just 15.2 percent of survey respondents. As the security threat level continues to increase, the decision to save money in IT by not investing in proper security measures could lead to more of the high-profile breaches that have recently occurred.
• The biggest security concerns remain hackers, viruses, and other external threats: Only 11.7 percent of survey respondents rated corporate data breaches as the top security concern, and just 12.4 percent considered insider security threats to be the biggest concern. Hackers, viruses, Trojans, worms, and even human error all rated higher.
• The current economic climate is a factor: 75.9 percent of survey respondents said that the current economy has impacted security concerns at their organizations. 60.7 percent of respondents work at organizations that have reduced their IT budgets in 2009. These issues could account for the emphasis on cost-savings initiatives and the focus on more traditional security threats, at the expense of investigating and acquiring solutions for emerging corporate data breach threats.
• IT hires are frozen or decreasing: Not surprisingly, considering the current economic climate, 40.2 percent of organizations have reduced their staff in 2009, while only 12.5 percent have increased staff. Former employees with access to privileged account credentials continue to pose a particularly serious internal security threat.
The online survey was conducted earlier this month among a range of IT professionals – including administrators, managers, executives, and auditors – from organizations in every major vertical market worldwide.
Lieberman Software announced the findings at RSA Conference 2009. The company is exhibiting in booth 733 at the show. For more information, view the survey results.
About Lieberman Software Corporation
Lieberman Software provides privileged identity management and configuration management solutions that help control the local and domain security of the cross-platform enterprise. By automating time intensive systems administration tasks, Lieberman Software increases control over the IT infrastructure, subsequently reducing security vulnerabilities, improving productivity, minimizing system failures, and ensuring compliance. Since 1994 Lieberman Software has been providing solutions which ensure that the largest corporate, education, and government enterprises remain managed, secure, and compliant. The company is a managed Microsoft Gold Certified Partner headquartered in Los Angeles, CA. For more information, see www.liebsoft.com.
Product and company names herein may be trademarks of their registered owners.
For more information, please contact:
Marketing Communications Manager
Lieberman Software Corporation