Almost half of IT professionals believe the insider breach threat is more of a concern than the threat posed by hackers. Hackers may pose a major risk to data security, but it is the insider breach threat that is most difficult to deal with. IT security solutions can be purchased to secure the network perimeter, but protecting data from internal attacks and accidental breaches is a major challenge.
49% of IT professionals that responded to a recent Dimensional Research/Preempt survey said they are most concerned about the threat from within. There are many ways that data can be exposed or stolen, but it is not deliberate sabotage or data theft by employees that is the biggest concern. 87% of respondents said it was careless employees and individuals that lacked security awareness that were the biggest data security risk. 13% said they were concerned about malicious employees who stole data or sabotaged defenses to cause the company harm.
The lack of security awareness of staff members could all too easily result in malware being installed on networks. This was the main concern of 73% of respondents. 66% were concerned about the theft of users’ credentials, 66% were worried about data theft, while 63% said they were concerned about abuse of administrator privileges.
Part of the problem is due to end users having excessive network privileges. 91% of respondents said end users were able to access systems that they shouldn’t be able to. Unfortunately, IT departments are under considerable pressure and do not have the time or resources to address the issue. Many also lack the resources to effectively monitor the activities of privileged users.
Organizations are acting to mitigate risk. Security awareness training was provided to employees by 95% of respondents, but the training is not believed to be effective at reducing the risk of accidental breaches. Only 10% of respondents said their security awareness training was effective.
Part of the problem is employees are not engaged in the training and are not putting enough effort in to learning about the risks nor the actions that must be taken to prevent malware infections and accidental data breaches. 81% of end users were willing to take part in training sessions, but only a quarter put sufficient effort into the training sessions.
According to Ajit Sancheti, co-founder and CEO of Preempt, “Without real-time prevention solutions and improved employee engagement, these threats will not only increase, but find more sophisticated ways to infiltrate and navigate a network.” Sancheti says “The future of security practices relies on the ability to not only understand users and anticipate attacks, but also how to mitigate threats as quickly as possible.”