July 18, 2019

SolarWinds New APAC Research Shows Insider Threats Rank as Top Cybersecurity Threat Concern

Written by

SolarWinds, a leading provider of powerful and affordable IT management software, today released the findings of the newest SolarWinds cybersecurity research at RSA Singapore (Booth #1420). The research provides a pulse check on recent cybersecurity trends in both Singapore and Hong Kong and explores the top threat concerns, along with the technologies and skillsets needed to successfully manage both internal and external cybersecurity threats.

The research found that internal factors-both people and technology-cast a bigger cybersecurity threat than external factors and are ranked as the top concern. Out of all cybersecurity incidents experienced by respondents, the largest portion reported was caused by internal users making mistakes, at 65 percent, followed by 43 percent attributed to external threat actors. Sixty-six percent of respondents reported that regular employees pose the biggest risk, with 46 percent attributing the cause to poor password management and/or weak passwords, and 45 percent to accidents.

Despite cybersecurity threats (both internal and external) becoming a norm in today's landscape, 97 percent of respondents felt ill-equipped to successfully implement and/or manage one or more cybersecurity tasks today given their current IT skillset. Moreover, 36 percent said budget constraints were the most significant barrier to maintaining or improving their current IT security.

"Organisations are increasingly vigilant about securing their IT environments, and they're stepping up both offensive and defensive practices. However, the findings from this research echo what we are seeing time and time again- that insider vulnerabilities are the top threat vector vs. external attacks. We need to remember that security is about more than technology; it's also about people," explained Tim Brown, vice president of security, SolarWinds. "At SolarWinds, we work diligently as a partner, not just another vendor, to help our partners strengthen their defences at all layers and close the threat gaps, both inside and out."

"IT professionals are being challenged to operate more and more like security professionals," stated Brandon Shopp, vice president of products, security, SolarWinds. "Things like skills gaps and budget worries, as demonstrated in our most recent research, are still very real concerns, and the threat risks are escalating at all levels. There's good news though; a technology professional absolutely doesn't need to go full on security operations professional to achieve good security. SolarWinds is committed to giving IT professionals at all levels the confidence they need to meet these challenges head on, with products like SolarWinds Access Rights Manager that can help manage the people side of the equation, and SolarWinds Backup, that can help speed up recovery, whether the loss is based on human error or attack. Our promise is simple; it's for a new era called ‘security simplified.'"

RSA Singapore attendees will have the opportunity to receive in-depth demos of SolarWinds security solutions, including SolarWinds Access Rights Manager (ARM)SolarWinds Security Event Manager (SEM)SolarWinds Threat MonitorSolarWinds BackupSolarWinds Mail AssureSolarWinds PassportalSolarWinds Risk Intelligence, and SolarWinds Patch Manager-plus a suite of monitoring and management platforms with security baked in, including capabilities for robust endpoint detection and response.  These products clearly address the gaps identified by the research findings-around more affordable solutions, technologies that help mitigate skills shortages, the need for a layered approach to security, and one that fights threats from both the inside and outside of an organization's technology infrastructure.

Key Findings

Threat Trends-Internal Threats Top the List

  • In the past 12 months:
    • Out of a variety of security incidents, 65 percent of respondents attributed the largest portion of cybersecurity threats to internal users making mistakes, while 43 percent attributed at least a portion to external threat actors.
    • 66 percent indicated regular employees are the users who pose the biggest risk for insider abuse and/or misuse.
    • 46 percent named poor password management as the most common cause of accidental/careless insider breaches from employees and contractors, while 45 percent called out accidentally exposing, deleting, corrupting, and/or modifying critical data as the most common cause.
  • In the coming 12 months:
    • 39 percent of respondents are "extremely concerned" about internal users making mistakes that put organisations at risk; followed by 29 percent and 26 percent indicating exposure caused by poor network system and/or system security and malicious employees stealing assets and/or IP as the top concerns respectively.
    • 43 percent are "extremely concerned" that cybercriminals will lead to security incidents, followed by 35 percent indicating cyberterrorists, and 24 percent indicating nation state actors as top concerns.

IT Skillsets and Landscape-Skills Gaps and Budget Concerns

  • 97 percent of respondents feel unequipped to successfully implement and/or manage one or more cybersecurity tasks today given their current IT skillset.
  • 36 percent named budget constraints as the most significant barrier to maintaining and/or improving IT security, followed by competing priorities and/or initiatives and complexity of IT infrastructure.
  • Close to 50 percent have a hybrid approach to their IT security, protecting and managing the security of their own network while also using a managed provider to deliver some security services.

Top Technologies-Good Combination of Protect/Detect

  • Top technologies used by technology professionals according to respondents include:
    • Protection:
      • Endpoint protection (78 percent)
      • Email security (74 percent)
      • Patch management (62 percent)
    • Detection:
      • IDS &/or IPS (61 percent)
      • Access rights management (59 percent)
      • Vulnerability assessment (58 percent)
    • Response and Recovery:
      • Backup and recovery (84 percent)
      • Incident response (71 percent)
      • Access rights management (52 percent)
    • Risk Management:
      • Asset management (62 percent)
      • Governance, risk & compliance (GRC) (59 percent)
      • Identity governance (43 percent)
David Marshall

David Marshall has been involved in the technology industry for over 19 years, and he's been working with virtualization software since 1999. He was able to become an industry expert in virtualization by becoming a pioneer in that field - one of the few people in the industry allowed to work with Alpha stage server virtualization software from industry leaders: VMware (ESX Server), Connectix and Microsoft (Virtual Server).

Through the years, he has invented, marketed and helped launch a number of successful virtualization software companies and products. David holds a BS degree in Finance, an Information Technology Certification, and a number of vendor certifications from Microsoft, CompTia and others. He's also co-authored two published books: "VMware ESX Essentials in the Virtual Data Center" and "Advanced Server Virtualization: VMware and Microsoft Platforms in the Virtual Data Center" and acted as technical editor for two popular Virtualization "For Dummies" books. With his remaining spare time, David founded and operates one of the oldest independent virtualization news blogs, VMblog.com. And co-founded CloudCow.com, a publication dedicated to Cloud Computing. Starting in 2009 and continuing all the way to 2016, David has been honored with the vExpert distinction by VMware for his virtualization evangelism.

Platinum Sponsors

Learn more about Bitdefender

Learn more about Datrium

Learn more about Extrahop

Learn more about FireMon

logo hitachi 600

Learn more about LG Business Solutions

Learn more about Liquidware

Learn more about Solarwinds

Learn more about Veeam

Learn more about Zadara

Gold Sponsors

Learn more about iland

Learn more about Pivot3

Learn more about Morpheus

logo nakivo 600

Learn More about Platform9

Learn more about thinprint

Learn more about vembu

Learn more about virtustream

Learn more about Zerto

Latest Tweets

Latest Videos