Research from Clearswift, the global data loss prevention company, has uncovered a dramatic rise in security threats directly caused by individuals inside organisations. A staggering 88% of businesses polled internationally have experienced an IT or security incident in the last 12 months, with 73% of those attributed to their employees, ex-employees, contractors and partners (known as the extended enterprise), compared to last year’s figure of 58%. This shows that businesses face growing threats from within.
Clearswift polled over 500 IT decision makers and 4,000 employees internationally to assess views on security from both the decision-maker level and those who are expected to comply. The full report will be available in May - more information below.
70% of respondents believe that high-profile security stories such as the Edward Snowden scandal and the Sony Pictures data breach have forced internal security threats up the corporate agenda, but only 28% think that internal breaches are treated with the same level of importance as external threats by the board. 14% go as far to say that until their organisation has a serious data breach that was caused by an internal actor; it will never be taken as seriously as the threat of external hackers.
Simple lack of awareness and understanding of data security threats was the most commonly perceived factor contributing to the rise of internal threats (58%). Other issues raised were the use of forbidden apps, personal devices that do not adhere to IT policies, and a general contempt for following protocol.
Because insider threats are generally not malicious, they present a greater concern than planned attacks for businesses, as around half of employees would be perceived as being capable of causing a breach by accident. To prevent these easily-caused and potentially damaging incidents, it is vital for a business to deploy both the tools and policies to minimise the risk of accidents occurring.
Guy Bunker, SVP Products at Clearswift comments: “Many businesses are still struggling to accept that one of their biggest security risks could come from people they employ in their organisation. High-profile attacks, such as the Sony Pictures data breach are helping to shed light on these occurrences, but many people don’t realise that this was how the attack began and wouldn’t liken the situation to their own business ... unless of course it does happen to them. Organisations need to be prepared for both accidental and malicious data loss and ensure that adaptive prevention methods are put in place to stop them at the root – before they can even leave an individual’s computer or device.”