A new study released by Dimensional Research has found that nearly half of IT pros are more concerned with threats coming from inside their organization than from cyber criminals attacking from the outside.
In terms of types of insider threats, the report found that lack of security awareness is of most concern. The vast majority of those surveyed (87%) reportedly are most concerned about naïve individuals or careless employees who cut corners get their job done; only 13% are more concerned about malicious insiders who intend to do harm.
Malware installed unintentionally by employees was the top concern (73%), followed by stolen or compromised credentials (66%), stolen data (65%), and abuse of admin privileges (63%).
Respondents claim end user engagement programs and cyber security training is lacking luster. While 95% of companies surveyed provide end-user security training, only a small portion (10%) really feel that the training is effective. Thankfully, 66% see the value in companies providing real-time training and feedback when an end user does something they shouldn’t, but given how underfunded IT Security budgets have been historically, will companies take the preventative approach before any damage is done?
Alarmingly, 91% of respondents report insiders having access to systems that they shouldn’t, but 70% of those cannot effectively monitor privileged user activities.
As internal threats emerge as equally as important as external threats, it’s critical that organizations implement real-time prevention solutions and improve employee security practices in order to mitigate threats internally or externally as quickly as possible.
Read this article on SCMagazine