2015 Vormetric Insider Report - Japan and ASEAN Edition
Vormetric, a leader in enterprise data security for physical, virtual, big data, public, private and hybrid cloud environments, today announced the results of its ASEAN and Japan focused edition of the 2015 Vormetric Insider Threat Report (ITR). The survey was conducted online on their behalf by Harris Poll in fall 2014 among 818 IT decision makers (ITDMs) in various countries, including 102 each in Japan and ASEAN. Analysis was performed in conjunction with analyst firm Ovum's Andrew Kellett, Principal Analyst Infrastructure Solutions. This report extends earlier findings in the global report, retail and financial research briefs and cloud and big data edition with findings about how enterprises in Japan and ASEAN perceive security threats, the types of employees considered most dangerous, environments at the greatest risk for data loss and the steps organizations are taking to secure data.
"Data breaches are happening everywhere, and the Japanese and ASEAN markets are not immune," said Andrew Kellett, senior principal analyst with Ovum. "However, we found wide variations in the study between the attitudes and plans of Japanese and ASEAN organizations. ASEAN organizations feel significantly more at risk, and are rapidly adopting new technologies such as cloud and big data. While Japanese enterprises were significantly more conservative in their use of these technologies with sensitive data, and as such expressed lower levels of concern."
Ordinary employees, privileged users and the supply chain – such as contractors and third party service providers – are all conduits for a traditional insider threat. But the spectrum of insider threats also includes the compromise of these insider accounts by hackers using Advanced Persistent Threat (APT) attacks and other methods. As cloud and big data adoption accelerates, these new technologies also bring new risks to organizations with additional administrative roles and potentials for infrastructure compromise.
Results showed that organizations in both regions felt vulnerable to insider threats. In Japan 87 percent, and in ASEAN 84 percent, but substantial variations were found in many other areas, and against U.S. respondents:
Rates of very or extremely vulnerable to insider threats:
Japan: 17 percent
ASEAN: 33 percent
U.S.: 45 percent
Failed a compliance audit or encountered a data breach in the last year
Japan: 29 percent
ASEAN: 48 percent
U.S.: 44 percent
Top locations at risk for loss of sensitive data:
Japan – mobile devices (58 percent), PCs and workstations (47 percent)
ASEAN – file servers (50 percent), databases (45 percent)
U.S. – cloud environments (46 percent), databases (37 percent)
Insiders that pose the largest risk:
Japan – Ordinary employees (56 percent), Contractors/Service Provider employees (52 percent)
ASEAN – Privileged users (62 percent), Partners with internal access (60 percent)
U.S. – Privileged users (59 percent), Partners with internal access (51 percent)
Increasing IT Security spending to offset threats to data over the next 12 months:
Japan – 27 percent
ASEAN – 64 percent
U.S. – 62 percent
ASEAN respondent results were a close match for U.S respondents concerns in most areas. Japanese respondents especially had views that resemble how U.S and global organizations viewed risks to data a few years ago (based on results from the 2013 Vormetric Insider Threat Report). Recognition of the need for privileged user control, and that large data breaches result from compromises of large data stores are the largest of these changes.
"With the rate of data breaches worldwide accelerating, and with compliance and regulatory requirements for sensitive information increasing as a result, enterprises worldwide are recognizing the need to make changes in their IT security stance," said Tina Stewart, vice president at Vormetric. "Perimeter, network and end point defenses have failed in every recent data breach. Organizations that are placing a priority on increasing data-at-rest defenses such as those in ASEAN (60 percent) and the U.S. (49 percent) will be much better prepared to protect data against attacks. Results from Japanese respondents in this area represent a concern, only 32 percent of respondents planning to increase spending on data-at-rest defenses in our results. But, with the recent disclosures of 25.66 billion attempts to compromise corporate systems in Japan by NICT, we're seeing customers in Japan indicate that data protection is a much greater priority than the results suggest."
www.vormetric.com
