I wrote recently about how the threat from within your organisation is one that you need to take seriously. Now, according to a new survey from service provider SecureData, some 60% of IT professionals view employee carelessness as the single biggest risk to an organisation’s security.
That’s quite a staggering figure given all the recent press about targeted attacks and high-profile data breaches, and it is well above more traditional concerns of data theft (13%), external malware (10%) and technology failure (7%).
The survey polled the responses of 110 IT professionals, many of whom are in large organisations employing over 5,000 personnel.
Interestingly, when asked which internal departments posed the greatest risk to security, the IT pros highlighted Operations teams as the biggest cause for concern, with forty percent pointing their fingers in that direction. Your organisation’s Finance teams may also have felt like their ears were burning, as they were seen as a significant point of worry (thirteen percent) amongst those questioned.
Curiously, not one of the respondents highlighted cloud security as being a primary concern, despite the fact that this is an area that usually stirs much debate.
The short survey shows that IT professionals are well aware that employees acting primarily outside of the security function pose their own unique type of risk, but there was little consensus on how to improve matters.
Forty percent of those polled said that they felt some sort of education was key to improving security awareness amongst non-technical staff, but at the same time a quarter of those polled conceded that a clear security management policy was their organisation’s weakest area.
In terms of taking ultimate responsibility for corporate security decision-making, 44% of the IT pros said that C-level staff picked up the ball, whilst 12% said that department heads took the role in their organisation. Interestingly, and perhaps tellingly, 44% also said that decision-making fell into the hands of junior IT managers.
Looking at the findings, SecureData CEO Etienne Greeff said:
“There’s a huge opportunity here for organisations to tighten security simply by better educating their staff. Don’t leap to technical answers and complex solutions. This is not about budget-busting new technologies, but going back to basics: plan and deliver a simple, straightforward security policy that employees can easily follow.”
The survey also discovered that 50% of respondents see a holistic approach to security as crucial to meeting the security challenge, whilst 36% observed that detecting threats quickly is the weakest area of their current approach.
In conclusion, Greeff said:
“It’s encouraging to see so many recognising the importance of a holistic approach to security. Assessing risk, detecting threats earlier, protecting valuable assets and responding quickly when there is a breach will help restore trust in colleagues across an organisation. But this leadership must come from the top, with the C-level stepping up to tackle the security knowledge gap in their organisations.”
Is employee education and security awareness an important consideration for your organisation?