BYOD Passwords Hacking Cloud Compliance Reviews Privacy

Current Filter: Security>>>>>>

PREVIOUS

   Current Article ID:3898

NEXT



Internal security breaches soar

Editorial Type: Industry Focus     Date: 03-2014    Views: 2524   











Despite the widespread occurrence of the insider threat, only one in four I.T. professionals consider this to be a security priority

More than 300,000 internal security breaches took place in UK businesses in the last 12 months, an average of 1,190 per working day. The findings, released by security software provider IS Decisions in a new report, also found that, despite this regular occurrence, only 25% of IT managers consider insider threats to be in their top three security priorities.

The new report, titled 'The Insider Threat Security Manifesto: Beating the threat from within', highlights the issue of internal security as a greater challenge for larger organisations, with 32% of businesses of over 500 employees having had internal security breaches in the last year. It also compares the occurrence of, and IT professional's attitudes towards, insider threats in the US, where the trend was echoed, with just 17.5% voicing concern, despite over 666,000 internal security breaches in the last year.

LOW PRIORITY
Insider threats continue to be a relatively low priority for IT professionals, with the research finding the issue is trumped by concern about the threats of viruses (67%), data loss (47%) and hacking (39%). Yet the numbers suggest that the greatest source of data loss is, in fact, from employees, indicating that IT professionals are neglecting to look at their own internal structures seriously enough.

Francois Amigorena, CEO of IS Decisions, comments: "It is human nature to see external sources as your greatest threat and that, coupled with the fact that insider threat is a complex issue to manage, has led to IT professionals seemingly turning a blind eye to the issue." The good news is that there is a lot that IT departments can do to mitigate the risks. "It's a technology issue, as well as a cultural one, and can be addressed from both of these angles."

ENEMY WITHIN THE GATES
Ask any IT professional to name the security threats to their organisation and they will probably reel off a list of external sources; hackers, viruses, denial of service attacks and phishing, states IS Decisions. "But are these dangers from outside of a business really the greatest security threat?" it asks in the report. "More often than not, the greatest risk to any organisation comes from within. That unhappy employee or rogue insider who will go to any length to gain access to the organisation's crown jewels, share the sensitive data they get their hands on and even put it to some other unscrupulous use such as insider trading."

As the Edward Snowden scandal highlighted, if a disgruntled worker is determined to unearth critical information, it is not that hard to do so. "Snowden was an IT contractor, but he gained access to files he should not have by simply asking his colleagues to share their passwords. Once he had the log-on details, he went in search of highly confidential and sensitive data. Of course, malicious employees are the exception, rather than the rule."But they are not the only insider threat, the report points out. "Ignorant users are also perilous and Forrester research has shown that the greatest volume of security breaches (36%) come from employees inadvertently misusing data."

Mitigating the risks around insider threats is not a simple task, IS Decisions concedes. "Nearly 9 out of 10 (86%) of IT professionals told us they did not realise that technology could help solve insider threats, so they seem to understand it as more of a cultural and organisational issue. Which it is, but technology can certainly help mitigate the risks; an optimum strategy should approach the issue from both angles."

A GLOBAL RISK
The insider threat, whereby an employee acts, knowingly or unknowingly, in a counter-productive way to cause significant damage to his/her organisation, has become a key risk for organisations around the world. This, says PA Consulting, is in part driven by the greater access individuals have to critical information and systems, as organisations become more and more connected. Also, ever more sophisticated methods of carrying out a cyber attack and the availability of more outlets for leaking information are increasing the threat.



Page   1  2

Like this article? Click here to get the Newsletter and Magazine Free!

Email The Editor!         OR         Forward ArticleGo Top


PREVIOUS

                    


NEXT