Bank Systems & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


12:49 PM
Connect Directly

Manual Processes Leave Businesses Open To Insider Threats, Study Says

Almost 60% of respondents say their companies are unable to effectively focus an identity and access management system on areas of the greatest business risk.

Nearly 60% of U.S. businesses and government agencies report they don't have the information or the technology to deal with insider threats to their network, according to a new study.

The research, done by the Ponemon Institute, also shows that 58% still rely on manual controls to audit and control user access to critical enterprise systems and data resources, leaving networks open to privacy breaches, failed audits, and potential fraud or misuse of data.

"Our findings point to a number of barriers preventing the implementation of effective identity management and proactive safeguards for securing sensitive corporate data against insider risk," said Larry Ponemon, chairman and founder of the Ponemon Institute, in a written statement. "In order to assess risk, and identify and address identity management shortcomings, organizations must have access to data and appropriate coordination across business units. Our research shows that, for too many companies, this is simply not happening."

According to the study, 71% of respondents confirm that identity compliance activities are strategically important, resulting in an average of 28% of total IT compliance budgets. And 64% of respondents say they have deployed an identity and access management system (IAM), a category that includes access control, password management, provisioning, and role management.

That's not solving the problem, though. The study also shows that almost 60% of respondents say their companies are unable to effectively focus IAM controls on areas of the greatest business risk. They add that this is a "severe" risk.

What's going wrong with corporate identity and access management projects? Fifty-eight percent of survey respondents say they mostly use manual methods and 51% take a reactive approach.

"As the complexity of identity management has increased, so have the inherent risks, media attention and public scrutiny associated with corporate compliance initiatives," said Jackie Gilbert, founder of SailPoint Technologies, in a written statement. SailPoint commissioned the study.

Insider threats pose a significant risk to companies. Last month, the Delaware U.S. attorney revealed a massive insider data breach at chemicals company DuPont where a former scientist late last year pleaded guilty to trying to steal $400 million worth of company trade secrets. The insider now faces up to a decade in prison, a fine of $250,000, and restitution when sentenced in March.

And in January, a former systems administrator at Medco Health Solutions was charged for allegedly writing and planting malicious code that could have crippled a network that maintained health care information on customers. A co-worker found the so-called logic bomb before it went off. This comes just months after a former systems administrator, who was convicted last summer of launching an attack on UBS PaineWebber four years ago, was sentenced to 97 months in jail in U.S. District Court in Newark, N.J.

Register for Bank Systems & Technology Newsletters
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.