The majority of European businesses do not have adequate security measures in place to protect themselves from insider threats, an IDC report has revealed.
The survey of 400 organisations with more than 1000 employees in the UK, France, Germany, the Netherlands and Sweden showed that nearly a third do not use basic methods of breach detection
. Less than 20% have any form of security analytics in place.
The report said that most organisations in Europe are left exposed to malicious or unscrupulous insiders through their use of traditional, outdated security systems
. This approach focusses on system protection, without monitoring and responding to inside user activity.
Only 12% of companies surveyed regarded insider threats as a high concern. Most prioritised other issues such as viruses (67%), advanced persistent threats (APTs) (42%), phishing (28%) and poor user security practices (27%). However, the report emphasised that most of these threats could be caused by hapless insiders allowing their valid credentials and access rights to be hijacked.
Duncan Brown, research director at IDC’s European security practice, said: “Security breaches are inevitable, but that is tough for security professionals to accept given the considerable budgets that are spent on prevention.
“The majority of organisations have experienced a data breach
over the past two years, but the average time to discover a breach remains around eight months. It is clear that organisations need to detect breaches as they happen, and not wait for the damage to be done.”
Claim your free* cyber security assessment here