Two fundamental issues continue to plague every industry and sector regarding cybersecurity. First, adversaries continue to evolve. Second, cybersecurity remains reactive, and while that posture is less effective against advanced threats, it is that way mostly by choice. As a result, hackers continue to successfully attack critical infrastructure systems, seemingly at will.
From the outside, we’re still largely feeling the fallout from attacks like the Mirai botnet denial-of-service campaign launched using IoT, which empowers a new host of cyber criminals – regardless of experience or education – to successfully attack targeted organizations, often at the click of a button for a small investment of funds. As dangerous as outside forces are, there is a greater danger hitting a lot closer to home.
Inside our organizations, Accenture and HFS Research claim that most enterprise security executives experience an attempted theft, or a corruption of protected data, from company insiders at least once a year. And those numbers hold regardless of sector, industry or any mitigating factors. If you have an organization, you are going to have trouble with insiders. That seems especially bleak when paired with the fact that the Ponemon Institute sees most end-users having access to sensitive company data, and that it takes most companies over a month to detect employees accessing unauthorized files or emails.
How can information security personnel repel insidious insider threats while their organizations are necessarily focused on a barrage of attacks from the outside?
A full 45 percent of IT executives cite malicious insider attacks as one of the email security risks they are most ill-prepared to cope with. A recent study by Enterprise Management Associates (EMA) found that insiders were responsible for 60 percent of leaks. This breaks down into:
More importantly, a contradiction uncovered in the survey pertains to the deployment of encryption technology to protect sensitive data. When asked how important respondents feel encryption is for protecting sensitive data in their organizations, 73% said very important and another 24% said it was important – yet only 44% of survey respondents said their organization currently uses encryption to protect data sent in email or other communications. Only 69% use encryption to protect stored or saved data.
With 88% of respondents stating that protecting data with tools that provide encryption is more important now than it was a year ago, why would so few leverage this security capability?
The same analysis shows that respondents are concerned about the deployment of email or file sharing encryption. Specifically, respondents fear that encryption solutions will impact business workflows, as well as conflict with application interoperability.
Finally, when asked for their insight regarding how great an inhibitor complexity is for the end users within their organization, 57% of respondents reported that it is high or very high, and 52% of respondents cited the cost of adoption and maintenance of email and/or file sharing encryption as a major inhibitor. If it’s too expensive or overly complex, it won’t work well for most organizations.
While it is true that early email encryption products earned a deserved reputation as being difficult to deploy and maintain, that has changed dramatically over the past few years.
Technology product reviewer David Strom concluded in a recent Network World review of email encryption products that “email encryption products have made major strides since we last looked at them nearly two years ago. They have gotten easier to use and deploy, thanks to a combination of user interface and encryption key management improvements and are at the point where encryption can almost be called effortless on the part of the end user.”
Without proactive measures to implement scalable, manageable data protection, breaches and leaks will continue to rise. Only by leveraging email and data encryption to make data inaccessible at the source can companies stop unauthorized data access and movement.