In a sign of the times, business executives say cyber criminals pose a greater threat to their companies than insider traders.
A survey, done by global information security company Cyber-Ark Software, said 57 percent of C-level executives surveyed said cyber security over the next one to three years will pose a greater risk in security than people trading on inside information. Cyber-Ark Software surveyed 1,422 IT staff members and C-level execs for the Trust, Security and Passwords report, which is to be released imminently.
The survey pointed to recent data breaches, like the one at EMC's RSA Security Division, as examples of a greater need for better control of important internal information. The survey found 25 percent of respondents said their use of privileged accounts was not being monitored.
Increased awareness that attack vectors can and do originate from both external and internal sources can be attributed in large part to the spectacular external-born breaches that drew headlines in the past year, including the NASDAQ and Gawker breaches. Regardless of the attack vector, the targets inside an enterprise remain the same - highly sensitive intellectual, financial and customer information, Adam Bosnian, executive vice president Americas and corporate development, Cyber-Ark Software, said in a statement.
The survey said traditional threats to company secrets such as insider trading and snooping were still out there as well. Twenty percent of respondents admitted sabotage via insider trading. Meanwhile, the respondents said 48 percent of IT managers were likely to snoop. Still, cyber threats represented most prominent concern for the respondents.
Privileged accounts are the key tool that external attackers and insiders leverage to access and exfiltrate an organization's sensitive information. Security teams need to start with improving the protection of these key internal targets -- not simply building bigger walls around the enterprise, Bosnian said.