With the recent wave of high-profile attacks against major banks and retailers, cybercrime has come to dominate the headlines in the security world, but a new study from Vormetric, Inc. reveals that it’s not outside but rather insider threats that top the agenda for corporate leaders. The Edward Snowden saga has clearly made its mark on the enterprise.

Over 90 percent of respondents hailing from the U.S. reported that their organizations are vulnerable to dangers from insiders, a broad category encompassing both deliberately malicious activity and the typically much more common issue of negligent security practices. That concern is seemingly warranted considering that the two threats represented the single biggest source of data breaches in 2013, although there’s more to the picture than that.

Vormetric found that American technology leaders are twice as worried about insider breaches as their counterparts in Germany, where only 41 percent of participants said they’re losing sleep over the prospect of attacks originating from inside the corporate network. At least some of the discrepancy can be attributed to differences in regulations on how companies can manage their data, which is generally perceived to be much stricter across the pond.

Indeed, many of the biggest victims in the past year’s hacking spree – including Target Corp. and Sony Corp. – were found to meet compliance requirements at the time of the attacks. That suggests that, while important, meeting regulatory requirements doesn’t cut it alone to prevent breaches.

But although Vortmetric saw regulatory compliance drop to last place on the list of security spending priorities while more meaningful objectives such as meeting users’ privacy requirements rose, it found that companies are still not doing enough to address evolving security needs. Their handling of insider threats is especially lackluster.

More than half of organizations ranked “privileged users” with elevated access to systems – that is, administrators – as the most dangerous sub-group, yet only 58 said that their organizations have the ability to control their actions. Fewer still – 56 percent – said that there have monitoring mechanics in place to detect suspicious activity.

Following close behind admins on the fear index are contractors, with 46 of participants expressing concern over the risks associated with workers who don’t work directly for the organization. That is no doubt influenced by the fact that Edward Snowden famously served as a contractor during his time at the NSA. Non-employees were seen as a bigger danger than even outside partners with internal access.

But it’s not only insider threats that organizations are struggling to address. Vormetric says that only a little over one-quarter of respondents said that their companies employ tokenization to handle sensitive information, while a mere 37 percent use data masking. The study joins a stack of recent reports that highlight the fact that there is still much to improve in enterprise security even as network protection practitioners boast of being more confident than ever in their abilities to defend against hackers.

DeviantArt photo by Nixelz