People point of failure

by Mark Rowe

A survey among 250 IT security people, during this year’s Infosecurity Europe show, has found that a fifth of organisations believe malicious insiders pose the biggest threat to their security. A further 44 per cent suggest employees’ ignorance could also cause defences to crumble. Hardly surprising, then, that this audience firmly pointed the finger at ‘people’ (70pc) as the most frequent point of failure in an organisation’s IT security, with 20pc citing processes and just 9pc technology.

The study, sponsored by AppRiver, a provider of email messaging and Web security software, is a repeat of a survey first conducted amongst 110 IT security people attending RSA in San Francisco earlier this year. That study found that, while the UK suspects internal breaches, more than 61pc of US professionals cite the biggest threat to their organisation’s security as cybercrime from external sources (compared to 35pc in the UK) with only 33pc suggesting the non-malicious insider as causing the most concern. Remarkably, just over 5pc of US respondents blamed malicious insiders for breaches.

Troy Gill, senior security analyst of AppRiver, said: “Whilst the US blames external influences, the UK recognises it is their own people who can act as the weakest link in an organisation’s IT security posture – with ignorance the overarching driver. While it’s hard to plan for ignorance, the combination of education and automation would certainly help mitigate most non-malicious threats especially as many IT professionals have faith in the technology they’re deploying.”

When asked to name the most dangerous threat to the security of their organisation, both UK and US professionals agreed that malware, including email-borne and web-based threats, topped the list of most concerning threat vectors, followed by personally identifiable information (PII) and social engineering. Both are also in agreement that people are the weakest link in their system (UK 70pc: US 71pc), with processes next (20pc:21pc) and then technology (9pc:7pc).

Troy added: “We’ve seen a dramatic increase in phishing attacks since the beginning of this year, with many proving successful, which is a classic example of how an unsuspecting user can unwittingly put the organisation at risk. Educating users to these types of attack vector is just one element of effective remediation. Better still is to remove suspect electronic packages automatically from mailboxes, rather than allowing someone to open the message and detonate the contained device.”

Despite the recent Snowden and NSA revelations, both audiences still have faith in their governments with just 7pc of UK respondents and 5pc of US citing external threats from government as the biggest threat to their organisation’s security.

Visit www.appriver.com.

© 2024 Professional Security Magazine. All rights reserved.