Sybase User Report Reveals Insider Threats, Manual Processes Plague Data Managers

    By: ISUG-TECH News on May 19, 2011

    NEW YORK – May 18, 2011 – Application Security, Inc.(AppSec), the leading provider of database security, risk and compliance solutions (SRC) for the enterprise, Unisphere Research, and the International Sybase Users Group (ISUG),today unveiled the findings from the “2011 ISUG Report On Data Security Management Challenges.”The study polled 216 ISUG members, and the findings reveal that the greatest challenges or risks to database security are thought to comefrom insiders, via human error or abused privileges, as opposed to external hacker activity. Significant to the study was the representation from financial services organizations, which accounted for nearly 25% of the total respondents in this survey.

    According to the report, 56% of the non-financial services respondents feel that human error represents the greatest challenge or risk to database security while 24% state that abuse of privileges are the greatest threat. Showing the heightened awareness of the insider threat in the financial services marketplace specifically, 77% are mostly concerned with human error and nearly half (48%) are kept awake at night at the thought of insider privilege misuse.

    Among the respondents aware of a data breach that occurred over the past months, two-thirds (66%) indicate that it was a result of either human error or an insider attack.

    Other alarming findings suggest that most organizations are still not leveraging automated technology to handle complex database security activities, which can lead to significant wasted time and a far greater chance of human error caused by the tedious task of managing manual processes.

    The database activities consuming the most time (with more than 25% of user time dedicated to the activity) according to the report are; database configuration and patch management (28%), database audit and threat management/database activity monitoring (18%), database user rights management (17%), database asset management (14%), database vulnerability management (13%) and database policy management (11%).

    Not surprisingly, the Sybase user community feels that there is a wide disconnect between the individuals charged with ensuring database security and their corporate management. While database professionals and managers are expected to oversee information security, many are not aware of the levels of corporate commitment.

    What did come as a bit of a surprise is that the vast majority of respondents (73%) feel that most or all confidential data is adequately protected and more than half (56%) believe that it is unlikely that they will face a data breach – internal or external – within the next 12 months. Just 2% cite that the likelihood of an internal or external breach in the next year is “inevitable”.

    “When you look at the survey results as a whole, some of the data just doesn’t add up,” said Joe McKendrick, Lead Analyst, Unisphere Research. “On one hand, users feel that they are doing an effective job in providing data security for their organizations, yet the data from some of the more pointed questions yield answers that are in direct conflict with that notion. This false sense of security could very well prove to be the most significant finding across this user group survey.”

    The six-part, 39 question survey explored and revealed information about the current state of database security across organizations with Sybase databases in production, active management of data security, data exposure, compliance and auditing, data environments and company demographics.To download a copy of the report “Data Security Management Challenges,” please click here or visit: http://www.appsecinc.com.

    “It is disconcerting to continue to see survey results of this nature,” said Thom VanHorn, Vice President Global Marketing, AppSec. “Sybase databases are prevalent in the financial services community and organizations, from the top down, must focus their resources on ensuring database security best practices are in place. Until they do, the breach madness is certain to continue.”

    Released: May 19, 2011, 12:56 pm | Updated: March 22, 2014, 4:02 pm
    Keywords: Analysis News | Data Security


     

     

    TwitterLLinkedinLFacebook

    Copyright © 2014 ISUG-TECH. All Rights Reserved
    All material, files, logos and trademarks within this site are copyright their respective organizations

    Terms of Service - Privacy Policy - Contact the Help Desk