New ESG Research Confirms Organizations Continue to Struggle with Insider Threat Detection
2 in 3 survey respondents unable to turn volumes of security data into intelligent, actionable insights
SAN JOSE, Calif. — August 2, 2019 — Dtex Systems, the leader in insider threat intelligence and detection, today announced the publication of a new Enterprise Strategy Group (ESG) Research Insights Report, “Insider Threat Program Realities.” The report, commissioned by Dtex and based on the survey of 300 security and IT professionals in the US, reveals that a majority of organizations continue to struggle with insider threat detection and management – largely due to outdated systems, immature programs, and insufficient investments.
Of professionals surveyed, 62 percent report that insider threat detection has become more difficult in the last two years, despite exponential increases in the number of insider-related incidents and mindshare dedicated to insider risks. The report highlights several factors responsible for the growing number of complexities and challenges being faced, including:
- Ineffective Solutions: More than 60 percent of respondents identify significant weaknesses with popular insider threat solutions such as Data Loss Prevention (DLP), User Endpoint Behavior Analytics (UEBA), and Employee Monitoring systems.
- Lack of Data Quality: Two in three organizations (66%) report a struggle with turning volumes of security activity and event data being collected into intelligent, actionable insights.
- Insufficient Investments: Seven in 10 organizations (71%) currently dedicate 10 percent or less of their total security budget to insider threat strategies and programs. Nearly half of the organizations surveyed (49%) spend six percent or less on insider threats.
- Privacy Concerns: With heightened concerns and new regulation surrounding employee privacy, 24 percent of respondents report a struggle when it comes to balancing privacy requirements with organizational security needs.
“This research uncovers consistent mismanagement of insider threat programs, greatly increasing cyber-risk. It’s time for security, risk, and technology leaders to rethink their haphazard insider threat strategies and adopt a more comprehensive approach,” said Jon Oltsik, ESG Senior Principal Analyst and ESG Fellow. “Organizations should increase investments in insider threat programs, and focus that spend on advanced, purpose-built solutions that are capable of effectively identifying and managing modern insider threats in an accurate and timely fashion.”
“ESG’s research validates the simple truth that despite billions of dollars being spent on enterprise security, a disproportionate amount of that money is spent on strengthening external threat defenses versus insider threat defenses – even with the overwhelming amount of data that shows insider threats are equally as, if not more, damaging,” said Katie Burnell, Global Insider Threat Specialist at Dtex Systems. “Building a truly comprehensive, effective insider threat management program requires that organizations recognize, and prioritize, the need for a strong foundation of complete visibility and quality user activity data.”
The full report, “Insider Threat Program Realities,” is available for download here.
ESG and Dtex will also host a webinar on Tuesday, August 27th at 1:30pm ET to share an in-depth look at the survey findings and provide guidance on how to effectively manage all types of insider threats. Click here to register.
About Dtex Systems
Dtex provides organizations across the globe with the complete, user-focused visibility needed to strengthen enterprise security posture and more effectively manage insider threats. Dtex’s Enterprise User Intelligence combines high-fidelity user activity data with machine learning and advanced analytics to pinpoint anomalies in real time, elevate areas of risk, generate actionable insights, and provide answers quickly. Collecting only the lightweight data needed to identify risky behaviors, Dtex can be deployed and scaled quickly with no impact on network, endpoint or human performance. Patented features protect user privacy and ensure compliance. Organizations spanning the Fortune 500, government agencies, leading banks, and SMBs use Dtex to gain visibility over hundreds of thousands of users and their endpoints to reduce the risk of data breaches, ransomware, espionage, and IP theft. Investors include Wing Venture Capital and Norwest Venture partners. The Defense Information Systems Agency (DISA), Williams Formula 1 Racing, and Freshfields Bruckhaus Deringer are among customers using Dtex to reduce insider threat risk. https://www.dtexsystems.com/
Media Relations Contact