Research Shows Businesses Not Prioritizing Growing Insider Security Threat
A new survey of businesses conducted by Clearswift shows 73% of data and security breaches in the last 12 months were attributed to internal sources.
A new survey on enterprise security practices revealed that 88% of businesses polled have experienced an IT or security incident in the last 12 months, with 73% of those attributed to internal sources rather than external threats, according to Clearswift, a global data loss prevention company based here.
The “Enemy Within” survey findings underscore the growing impact of the extended enterprise, including companies’ employees, ex-employees, contractors and partners, on IT security.
The Clearswift-sponsored survey was independently conducted by Loudhouse, a U.K.-based technology and B2B research firm. Polling more than 500 IT decision makers and 4,000 employees in the United States, U.K., Australia and Germany, the survey found that while 70% of respondents believe high-profile security incidents such as the Edward Snowden scandal and the Sony Pictures data breach have moved internal security threats up the corporate agenda, only 28% think internal breaches are treated with the same level of importance as external.
Insider threats are generally not malicious, but they should concern businesses more than planned attacks, because around half of employees are perceived as capable of causing a breach by accident, according to Clearswift.
In addition to a general lack of prioritization of insider threats, 14% believe insider threats will not receive the same level of attention as external threats until their organization actually experiences a serious data breach due to accidental or malicious activity by an internal source. Furthermore, only 25% of employees believe their company does enough to make employees aware of how they should protect sensitive business information, highlighting a potential disconnect between security practices and education.
Initial findings of the survey also highlighted the most common causes of insider-induced security incidents, including:
• 74% of respondents believe social media has exacerbated the internal security threat by creating more opportunities for information to leave the organization.
• 58% believe that a general lack of awareness or understanding of data security threats is the main cause, while 56% attribute it to increased use of cloud apps.
• 45% believe removable storage devices such as USB drives are the biggest internal security threat; users not following data protection policies and protocols (44%) and employee use of non-authorized tools and applications (39%) are also viewed as contributors.
“While recent high-profile breaches have begun to shift the spotlight from external to internal threats, many businesses struggle to accept that one of their biggest security risks could come from their own employees,” said Guy Bunker, a senior vice president at Clearswift. “Organizations that want to avoid the risk and stress of internal threats can prepare for both accidental and malicious data loss by ensuring that adaptive prevention methods are put in place to stop threats at the root – before they leave an individual’s computer or device.”