Companies Turning Cyber Protection Focus Inward


by FEI Daily Staff

With increased recognition of emerging cyber risks, a growing number of companies are turning their security focus to insider threats.

According to the 2015 edition of its annual Defending Data report, investigation and security provider Nuix says companies are adjusting their cybersecurity budgets and company cultures to address insider-driven cyber threats and regulatory considerations.

“The overwhelming focus of discussions around cybersecurity relates to protecting money and valuable information,” said Dr. Jim Kent, Nuix’s global head of security and intelligence and CEO, North America, in the study. “These are the primary targets for cybercrime and cyber-espionage activities. Private data and financial information are easily monetized on the black market and often very poorly protected.”

Perhaps not surprisingly, this concern is also translating into higher security spending. In 2014, 72 percent of respondents said security spending had changed in the past year, and 65 percent expected it to increase in the future. This year, 89 percent reported changes in spending patterns and 64 percent expected further increases.

Internal Attention

According to the study, companies are paying more attention to insider threats. Typical risks may include employees who:
  • Access internal information for malicious intent, such as selling data or revealing sensitive information publicly to expose policies or practices they oppose
  • Copy or transfer data outside the organization
  • Allow someone outside the organization to access internal data, either accidentally or deliberately
  • Use internal knowledge of the organization’s systems and security measures to access or exploit data.

In response to the insider threat, Nuix says 71 percent of the surveyed companies have insider security programs that include employee training about security policies and responsible data use, as well as monitoring to determine when data is accessed inappropriately or copied onto unauthorized devices.

Companies are reinforcing their training and awareness efforts with little tolerance for accidental violations of security procedures. According to respondents, if more employees face penalties and potential termination for security problems after they have been trained about reducing risk, they are likely to take security risks more seriously.

Regulatory Considerations

In the survey findings, the percentage of companies saying regulatory considerations are influencing security spending doubled from 23 percent in 2014 to half in 2015. As the Federal Trade Commission and industry regulators take more aggressive stances in penalizing companies they feel violate standards of data care, companies are increasing security-related spending to avoid potential compliance issues.

In addition to direct regulatory sanctions, companies are worried about potential reputation and marketplace risks associated with public disclosure of security breaches.