Lanxoma Survey Reveals the Grim Truth About Insider Threat
Respondents believe that operational and financial reductions in current economy put them at higher risk for insider attacks
(15, December 2008) — Lanxoma, provider of the industry's first Restricted Access Permission System (RAPS), today announced results from a survey the company conducted to tap into the industry's experience with insider threat. Lanxoma's survey revealed that more than 43 percent of respondents have experienced fraud theft or losses by employees with access to sensitive information and systems, and 12 percent of those respondents said they have experienced a substantial amount of malevolent activity. Moreover, nearly 72 percent of respondents said that because they have had to make layoffs, cut back on raises and defer promotions, they believe they are at higher risk for insider attacks.
"The survey confirms our suspicions in every way," said Manoj Patel, CEO and founder of Lanxoma. "Organizations need to become more informed about insider threat, who is committing insider attacks, and what they need to be doing to prevent attacks. Lanxoma is here to help businesses with all of these things, and this survey shows that there is certainly a market for our product and our services."
Lanxoma, part of Unity Solutions (UES Ltd), is the industry's first RAPS and is currently rolling out with a client on more than 2,000 PCs in four countries. Lanxoma restricts IT technician access to systems and allows IT leaders to record each keystroke, mouse movement, screen viewed and audio heard when techs are the system. The solution provides in-depth investigation and forensics for insider attacks and alerts organizations to unauthorized systems access so they can combat and prevent insider attacks. Lanxoma also provides full compliance with regulatory mandates. View on line Lanxoma demo here.
Lanxoma's survey found that many organizations underestimate employee satisfaction as a factor for insider attack. More than 28 percent of respondents said they believe that employees with a technical background who are capable of hacking are most at risk of committing insider attacks. Industry experts state that employees need not be technical whizzes to commit attacks, they just need access to the right information, such as customer account information. According to experts, employees who pose the highest risk are those who are dissatisfied with their jobs or who are under-recognized; however, only 20 percent of respondents identified these employees as the most high-risk.
Moreover, when it comes to insider threat, many organizations are just poorly prepared. Only 20 percent of respondents said they have solid processes and security measures in place to combat insider threat, while 51 percent said they had some processes and measures in place but could do more. Thirteen percent of respondents said they have no processes or security measures in place to combat insider threat.
The news is even worse when it comes to monitoring privileged access users and employees who move within the organization. More than 60 percent of respondents said that they do not monitor privileged access users consistently, and more than 47 percent don't impose access restrictions for employees who move within the organization. Furthermore, nearly half of respondents said that their organizations either don't have or could have better security policies in place.
"These are just attacks waiting to happen," Patel said. "By not consistently monitoring these employees, organizations are leaving the door wide open — sometimes literally — for them to carry out insider fraud, theft and other malevolent acts."
With Lanxoma, IT technicians require management approval to gain access to a system, and technicians must state the purpose and estimated time required for their access. While inside the system, each keystroke, mouse movement, screen viewed and audio heard is digitally recorded and available for subsequent playback. Technicians are notified that their activity will be recorded. When a technician logs in or out, IT leaders are advised by e-mail, instant message or text message, so unexpected activity can be investigated immediately. In the event of legal proceedings, Lanxoma can also provide digitally signed evidence.
"Lanxoma provides a solid, secure way for organizations to combat insider threat, and we offer the only product of its kind on the market," Patel said. "We are serious about insider threat, and organizations should be, too, especially in today's financial and economic climate."
Lanxoma was developed by the in-house software research and development team of Unity Solutions in the U.K. in response to the auditors' requirement of a global pharmaceutical manufacturing company, a long-term client of Unity Solutions.
Unity Solutions (UES Limited) was established in the U.K. in 1999 and rapidly established a global client base for its utilities and tools for ERP users. This business grew further with consultancy and software integration services and the creation of products for third-party sales. Projected sales for 2008 for Unity Solutions are in excess of $6 million. The company is privately owned, self-funded, debt-free and profitable.
During 2008 Unity Solutions moved headquarters to newly constructed high-tech premises in Leigh, Cheshire, U.K. In the same year, Unity Solutions, LLC, was established and an office opened in Clearwater, Fla. Technical support is currently available in the U.K. and North America with other locations scheduled to commence operation in early 2009. For more information about Unity Solutions, visit http://www.unitysolutions.com
For more information contact:
Jones Public Relations