Every Other Company Assumes that Insider Threat Has Already Happened

Forcepoint Germany recently partnered with publishing house IDG to sponsor a study (in German only) into endpoint security among German IT and security professionals. Released and discussed at leading security trade show it.sa, the extensive report took a deep dive into trends and approaches to endpoint security now and in the future.

One of the most encouraging aspects of this study was the openness of respondents to new technological approaches. Thirty-seven percent use behavioral analytics as part of their endpoint security strategy, with another 33 percent planning it. Twenty-nine percent of companies say contextual information is helpful for their endpoint security, and Forcepoint couldn’t agree more.

Without context, companies risk falling into “black and white” thinking which can be damaging. On the one hand, blindly-implemented policies can block genuine workers trying to get the job done, but on the other hand, assuming that genuine credentials equals genuine employee could give a hacker free rein on a network. It seems that German security professionals are in agreement: 68 percent of the companies surveyed agreed that the best endpoint security was useless unless the human factor was taken into account.

However, the survey also uncovered a concerning belief around insider threat: every other company surveyed (50 percent) assumed that current or former employees have already stolen, deleted or sabotaged important data. With 53 percent worried about industrial espionage and 49 percent concerned over identity theft, this finding points to likely gaps in data protection and data movement monitoring, both of which can be comprehensively provided by a DLP solution.

Automation does not equal a problem solved

We are seeing that half of companies (51 percent) are using security automation as part of their endpoint security strategy. A positive move, as long as it’s implemented well. If attacks are automatically detected and reported, it may appear that security systems are in control of the problem. However, automation does not equate to immediate follow up – and often there are so many (and sometimes misleading) alerts flagged that security teams are unable to see the wood for the trees, and inadvertently delay dealing with an automatic flag. During this period of inadvertent delay, any attacker can take advantage of the time to hide his or her traces, explore further within a network, or simply get out with vast quantities of valuable data.

The new world of the cloud

We are not surprised to see that the majority surveyed (62 percent) have already outsourced endpoint security to the cloud, but it does underline the need for the security industry to transform from a world of point products to cloud-native capabilities. Enterprises need to find a security partner who can accelerate their digital transformation efforts with dynamic and proactive security designed for today’s modern threat landscape.

Originally, security strategies were based on the concept of defending a perimeter – keep the bad things out and only let in the good. However, the perimeter-based security model is outdated. In the cloud era where mobility and BYOD are standard, perimeters do not exist.

The survey reinforces that security leaders in Germany are opening up to a human-centric approach. Modern systems which can provide the context on how people or entities interact with critical data and intellectual property are absolutely key to successful protection. There is no silver bullet for cybersecurity, as risk will never entirely disappear. However, we can do a better job by integrating behavioural analytics and through understanding humans - our greatest assets and our biggest risks.

If you’re a German speaker, you can download the report or watch Forcepoint CTO Nico Fischbach discuss key findings in this video.