Research: Businesses Not Prioritizing Growing Insider Security Threat

A new survey of businesses conducted by Clearswift shows 73% of data and security breaches in last 12 months attributed to internal sources.

THEALE, England – A new survey on enterprise security practices revealed that 88% of businesses polled have experienced an IT or security incident in the last 12 months, with 73 percent of those attributed to internal sources rather than external threats, according to Clearswift, a global data loss prevention company based here.

The “Enemy Within” survey findings underscore the growing impact of the extended enterprise, including companies’ employees, ex-employees, contractors and partners, on IT security.

The Clearswift-sponsored survey was independently conducted by Loudhouse, a U.K.-based technology and B2B research firm. Polling more than 500 IT decision makers and 4,000 employees in the United States, U.K., Australia and Germany, the survey found that while 70% of respondents believe high-profile security incidents such as the Edward Snowden scandal and the Sony Pictures data breach have moved internal security threats up the corporate agenda, only 28% think internal breaches are treated with the same level of importance as external.

RELATED: Confronting the Cybersecurity Challenge

In general, insider threats are not malicious, but they should present a greater concern than planned attacks for businesses because around half of employees would be perceived as being capable of causing a breach by accident, according to Clearswift.

In addition to a general lack of prioritization of insider threats, 145 believe they will not receive the same level of attention as external threats until their organization actually experiences a serious data breach due to accidental or malicious activity by an internal source. Furthermore, only 25% of employees believe their company does enough to make employees aware of how they should protect sensitive business information, highlighting a potential disconnect between security practices and education.

RELATED: New SSI Research: Rating the Cybersecurity Risk

Initial findings of the survey also highlighted the most common causes of insider-induced security incidents, including:

• 74% of respondents believe social media has exacerbated the internal security threat by creating more opportunities for information to leave the organizations.

• 58% believe that a general lack of awareness or understanding of data security threats is the main cause, while 56% attribute it to increased use of cloud apps.

• 45% believe removable storage devices such as USB drives are the biggest internal security threat, with users not following data protection policies and protocols (44%) and employee use of non-authorized tools and applications (39%) are also viewed as contributors.

“While recent high-profile breaches have begun to shift the spotlight from external to internal threats, many businesses struggle to accept that one of their biggest security risks could come from their own employees,” said Guy Bunker, a senior vice president at Clearswift. “Organizations that want to avoid the risk and stress of internal threats can prepare for both accidental and malicious data loss by ensuring that adaptive prevention methods are put in place to stop threats at the root – before they leave an individual’s computer or device.”

For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.

A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!


Get Our Newsletters