Balabit eCSI Report underlines that it is time to allocate IT security budgeting according to real, human threats
Egham, UK, 18 March, 2014 – Balabit IT Security, a global leader in the development of privileged activity monitoring, trusted logging and proxy-based gateway technologies today announced its latest eCSI Report survey results from the Gartner Identity & Access Management Summit 2014. The survey was conducted among nearly 300 attendees at the recent RSA® Conference, San Francisco. The survey results show that 84 percent of IT security related losses can be attributed to human elements (such as human error, sophisticated internal or external attackers) with the remaining 16 percent related to infrastructure issues (system malfunction, automated attack). The survey noted that, when it comes to budgeting, the ratio is quite balanced: only 55 percent of budgets are spent for managing human risk and 45 percent for infrastructure risk.
Companies still concentrate their IT security resources on infrastructure security and external risk factors. Respondents ranked the main risk factors according to their share of IT budgets in the following order:
But, when IT security threats were ranked in order of potential costs, results show a very different picture:
“The biggest difference that our survey revealed is that IT professionals clearly see that human errors cause 51 percent of their losses. But when they are planning their budget, only 13 percent of them put preventing human errors at the top of the list and even 40 percent of respondents ranked human errors as least important. If companies are aiming to spend their IT security budget responsibly, it’s high time to do away with this commonly held fallacy”- said Zoltán Györkő, CEO of Balabit IT Security.
IT security experts not only need to build and maintain secure IT systems, but also need to ensure business continuity and support users do their job. RSA Conference attendees were asked to estimate, how much the level of their IT security at their company is reduced by satisfying the needs of special users. 83 percent of respondents said that their security level is reduced (heavily 19%, notably 32% or moderately 32%), to accommodate special users.
“Access controls can be self-defeating. Because of their inflexibility, they are often not able to prevent breaches but restrict people from doing their jobs efficiently. Advanced monitoring can be effective tool against IT security risks related to human elements, regardless whether the source is external or internal. Human risks can be highly decreased by detecting and blocking suspicious user activities. Real time alerting and monitoring is inevitable for privileged accounts, which have rights to access, modify or delete sensitive company information, no wonder their credentials are the primary target for hackers. . A higher rate of detection – even during preparation – is more deterrent than passive control and more business-friendly at the same time” – Györkő added.
About Gartner Identity & Access Management Summit 2014
The Gartner Identity and Access Management Summit is the only event that focuses entirely on the technology, tools and techniques needed to establish successful, mature IAM programmes. Attendees will learn best practices and how to make the business case for the advantages IAM acan bring, while minimising expenditure and maximising value for their organisations. For further information about the Gartner Identity & Access Management Summit 2014 taking place on 17-18 March, in London, please visit europe.gartner.com/iam. You can also follow the event on Twitter at http://twitter.com/Gartner_inc using #GartnerIAM.
Balabit IT Security is an innovative information security company, a global leader in the development of privileged activity monitoring, trusted logging and proxy-based gateway technologies to help protect customers against internal and external threats and meet security and compliance regulations. As an active member of the open source community, we provide solutions to a uniquely wide range of both open source and proprietary platforms, even for the most complex and heterogeneous IT systems across physical, virtual and cloud environments.
Balabit is also known as “the syslog-ng company”, based on the company’s flagship product, the open source log server application, which is used by more than 1 million installations worldwide and became the globally acknowledged de-facto industry standard.
Balabit, a fastest growing IT security software developer company based on Deloitte Technology Fast 50 CE Lists, where Balabit has been included four times in the fast five years, has local offices in France, Germany, Russia, and in the USA, and cooperates with partners worldwide. Our R&D and global support centers are located in Hungary, Europe.
For more information, visit www.balabit.com.
Office Phone: +36 1 398 6700
Cell Phone: +36 20 390 4139