The folks at AppRiver recently conducted a survey among 250 IT security professionals at Infosecurity Europe 2014. The survey revealed that 20 percent of organizations believe malicious insiders pose the biggest threat to business security. A further 44 percent suggest employees' ignorance could also cause defenses to crumble.
Hardly surprising, then, that this audience firmly pointed the finger at "people" (70 percent) as the most frequent point of failure in an organization’s IT security, with 20 percent citing processes and just 9 percent citing technology.
The study is a repeat of a survey first conducted among IT security professionals attending RSA in San Francisco earlier this year. It found that while the United Kingdom suspects internal breaches, more than 61 percent of U.S. professionals cite the biggest threat to their organization’s security as cybercrime from external sources (compared to 35 percent in the United Kingdom), with only 33 percent suggesting the non-malicious insider as causing the most concern. So, while the United States may blame external influences, the United Kingdom recognizes it is their own people who can act as the weakest link in an organization’s IT security posture.
When asked to name the most dangerous threat to the security of their organization, both U.K. and U.S. professionals agree that malware, including email-borne and Web-based threats, tops the list of most concerning threat vectors, followed by personally identifiable information (PII) and social engineering. Both groups are also in agreement that people are the weakest link in their system (United Kingdom, 70 percent; United States, 71 percent), with processes next (U.K., 20 percent; U.S., 21 percent) and then technology (U.K., 9 percent; U.S., 7 percent).
AppRiver Senior Security Analyst Troy Gill concludes, “We’ve seen a dramatic increase in phishing attacks since the beginning of this year, with many proving successful, which is a classic example of how an unsuspecting user can unwittingly put the organization at risk. Educating users to these types of attack vectors is just one element of effective remediation. Better still is to remove suspect electronic packages automatically from mailboxes, rather than allowing someone to open the message and detonate the contained device.”
For more information, please visit www.appriver.com.
Guest blogs such as this one are published monthly, and are part of Talkin' Cloud's annual platinum sponsorship.