Is the greatest threat to a business from inside?

The actions of a firm's own staff, suppliers and partners could pose more of an immediate danger to its business than external threats, according to a new report...

LONDON - 15. April 2016.

Clearswift's Insider Threat Index set about examining the risks insiders pose to their companies - as well as why they have been slow to address internal security threats - by polling 500 IT decision-makers and 4,000 workers across the UK, Germany, Australia and the US. 

While many said they were aware of the significance of data protection, few took steps to ensure data security in the workplace over seeking to perform their jobs efficiently.

As such, around 40% of companies expect their data to be breached over the next year because of employee behaviour, while staff generally indicated a comprehensive lack of awareness and best cyber-security practice.

Last year, some 78% of breaches were shown to have originated from within businesses' extended enterprises, including contractors and former employees.

Nearly all US businesses (92%) were shown to have experienced some sort of data breach in 2015, of which 40% reported growth in the number of internal breaches.

More often than not, the report found, internal data breaches were accidental rather than malicious with 62% of security incidents arising from either inadvertent or accidental behaviour against 38% of breaches caused by deliberate activity.

Many breaches occurred as a consequence of staff using their own devices to work from, as well as sometimes inadvertently uploading their company data to a personal cloud by accessing it from a tablet or mobile phone.

As well as the threat from personal devices being merged with office supplied hardware, bringing in viruses and potential backdoor access programmes, IT departments have the added headache of not being able to track staff's usage of company networks and data sources owing to the comparative anonymity of using personal hardware.

Education and training are key in fixing these gaping internal security holes, according to the survey's researchers, to strike a balance between productive work habits and safeguarding enterprise data.

The recipe for protecting a firm against data breaches - whether internal or external - involves the use of good data protection habits and considered data security policies, the researchers found.

Teaching staff how to protect critical information, making workers consider the consequences of a breach and upping expenditure in data loss prevention tools were also deemed critical to reduce the risk of a business suffering an internal security breach.

In figures:

75% of employees believed their firm provided inadequate levels of information about data policies, and what expectations managers have of them in this area;

73% of breaches originated from within businesses' extended enterprises worldwide, in 2015;

72% of global security professionals don't think their Boards treat internal security threats at the same level of importance as external threats;

58% of employees lack fundamental understanding of what constitutes a security threat within their firms;

50% of global employees confess to disregarding data protection policies so they can get their job done.

Presswire, Presswire

Further Information