Despite the perception that hackers are an organisation’s biggest cyber security threat, insiders, including careless or naive employees, are now viewed as an equally important problem, according to new research conducted by Dimensional Research on behalf of Preempt.
The growing security threat from insiders report found that 49% of IT security professionals surveyed were more concerned about internal threats than external threats, with the majority (87%) most concerned about naive individuals or employees who bend the rules to get their job done. Only 13% were more concerned about malicious insiders who intend to do harm.
Malware unintentionally installed by employees ranked as the top internal security concern with 73% of respondents claiming they were worried about it, ahead of stolen or compromised credentials (66%), snatched data (65%) and abuse of admin privileges (63%).
“Internal threats are emerging as equally as important as external threats, according to respondents. This means that an employee cutting corners to get their job done more efficiently is viewed as potentially just as dangerous as a malicious external hacker,” said Diane Hagglund, founder and principal of Dimensional Research. “Yet these views aren’t reflected in the allocation of security budgets, which is traditionally focused on perimeter security.”
In addition to concerns about insider threats, the report also analysed cyber security training and end user engagement programmes. While nearly all of the organisations surveyed (95%) provide end user security training, very few (10%) believe the training is very effective.
Cyber security is also a major concern for business continuity professionals, with cyber attacks and data breaches featuring as the top two threats yet again in the Business Continuity institute’s latest Horizon Scan Report. It is perhaps for this reason that it was chosen as the theme for Business Continuity Awareness Week 2017 with the intention of improving an organisation’s overall resilience by improving cyber resilience, and recognising that people are key to achieving this.
“Intentional or not, insider threats are real,” says Ajit Sancheti, co-founder and CEO of Preempt. “From Snowden to the FDIC, headlines continue to emerge and we need to take a new approach to get ahead of insider threats. Without real-time prevention solutions and improved employee engagement, these threats will not only increase, but find more sophisticated ways to infiltrate and navigate a network. The future of security practices rely on the ability to not only understand users and anticipate attacks, but also how to mitigate threats as quickly as possible.”