The biggest data breach threats to credit unions may be internal, according to a recent survey. “Insider Threats and the Need for a Fast and Directed Response” showed that 74% of tech personnel suffer from staff risk concerns that carry over to their institutions.

The survey, conducted by the SANS Institute and sponsored by Vero Beach, Fla. behavior analysis software vendor SpectorSoft, took place between December 2014 and January 2015. It used responses from 772 IT professionals representing a cross-section of industries and organizations from technology, government, financial, education and healthcare sectors.

According to a SpectorSoft press release, survey results indicate that most organizations have gaping security holes when it comes to protecting themselves against insider threats. In fact, 32% have no ability to prevent an insider attack, putting themselves at severe risk for significant data loss as well as damage to their brand and reputation. What's worse is they know it's a serious priority – almost all respondents say they're concerned that insiders could be detrimental to their organizations.

Although organizations know insider attacks pose a salient threat, spending on insider threat defenses falls short. Without a comprehensive understanding of what they are spending to prevent the problem, it is likely that organizations also will not know what insider threat defenses they lack, or where they can invest further to fill in security gaps and bolster protection against a potential insider attack.

Other results of the survey include: 44% of respondents said they don't know how much they currently spend on solutions that mitigate insider threats; 45% don't know how much they plan to spend on insider threat technology in the next 12 months; 52% of respondents cannot size the potential damage; and 44% do not know what they are spending to address the threat.

As awareness of data loss gains momentum, more organizations are starting to understand the importance of incident response plans, with 69% of respondents maintaining that they currently have one in place.

Causes behind these security gaps are numerous, with respondents citing lack of training, lack of budget and lack of internal staff as the three most significant reasons for lack of insider threat defenses. However, in addition to budget and staffing woes, 28% of all respondents claim that insider threat detection and prevention is not even a priority in their organizations.

In addition, the majority of credit unions have serious security concerns regarding insider threats, according to the results of a survey conducted by Westport, Conn.-based Awareness Technologies in partnership with the CUNA Strategic Services.

Results indicated that 83% of surveyed financial institutions admit a big concern about confidential information transferred to unauthorized recipients, while another 52% are worried about sensitive data transferred by use of removable media.

Even more concerning, 77% of all credit unions surveyed said they do not believe or were unsure if they had complete protection regarding internal data threats. However, 62% stated they already have security controls in place.

In addition, at an international gathering of IT security pros attending the E-Crimes Congress in London,, a survey conducted by security solutions provider Websense found a sizable majority (70%) believe the CEO is ultimately responsible in the event of a data breach, followed by those who believe responsibility lies with the chief security officer (13%), board members other than the CEO or CSO (9%), the IT department (5%) and the individual employee involved (4%).

Complete your profile to continue reading and get FREE access to CUTimes.com, part of your ALM digital membership.

Your access to unlimited CUTimes.com content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking credit union news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Shared Accounts podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical coverage of the commercial real estate and financial advisory markets on our other ALM sites, GlobeSt.com and ThinkAdvisor.com
NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for Association for Financial Technology since 1997 and history projects funded by the U.S Interior Department, National Park Service and Warren County (N.Y.).