Employees Pose Greatest Threat to Data Security
Websense, Inc., a global leader in web security and web filtering productivity software, announced the results of an international survey of more than 110 respondents from twenty countries, conducted during the recent e-Crime Congress in London. According to the survey results, 45% of e-crime experts reported that the biggest threat to an organisation’s data comes from inside the company. Only 11% of the survey respondents believed that external threats, such as hackers and organized cyber-crime, pose a bigger issue, and the remaining 44% of respondents weighed the risk between "internal" and "external" threats equally.
Furthermore, 74% of respondents felt that legislation to protect against e-crime attacks has been inadequate. For example, 64% of the survey respondents called for stronger legislation. Furthermore, more than 60% believed legislation to be unenforceable. Reasons cited include the following:
- Lack of law-enforcement resources (46%)
- Lack of co-operation across jurisdictions (38%)
- Breaches not being reported (28%)
- Legislation not being specific enough (28%)
Despite the consensus that employees posed the highest security risk, only 10% of respondents thought that employees were responsible for a web security breach. The majority, 74%, felt the Board of Directors was ultimately accountable, while 21% felt the responsibility lay within the IT department.
The survey also exposed the fact that only 8% of respondents felt the "average" company takes a proactive approach to security - with over half (59%) reporting that companies were only reactive.
Interestingly, respondents surveyed felt that compliance legislation, such as Basel II and Sarbanes Oxley, has played a positive role in driving security spend and implementation (74%). With so many attacks from the outside, it’s easy to forget that security can be breached within the four walls of your own company. The ‘threat from within’ is more often than not completely unintentional, and employees are breaching security unwittingly. Today’s cyber-crime tactics are socially engineered to look real, and unsuspecting users within an organization can easily be duped, said Mark Murtagh, director, technical support, EMEA, for Websense, Inc. "With the Board of Directors ultimately held accountable for web security breaches, it’s important for companies to have robust policies that automate processes for all employees. So, whilst definitive responsibility lies in the hands of the board they must ensure that their business is not left vulnerable to the keystrokes of employees."
About the Sample
The sample size of this international research was 112 respondents from 20 countries. Respondents were amongst the 400+ who attended the e-Crime Congress on the 30th and 31st March 2006.
These would have included: government figures, public sector representatives and senior officers and managers within law enforcement agencies as well as industry.
Source: Websense Inc. (http://www.websense.com)
|
