Accidental security incidents by company insiders are happening more frequently.
According to new IDC findings announced today by RSA, and a new whitepaper titled ‘Insider Risk Management: A Framework Approach to Internal Security’, CEOs are aware that users create information security risks within their organisations and external threats often overshadow the importance of protecting against internal risks.
The majority of those surveyed indicated that they were unclear on the sources and intentions of internal risk and struggle to quantify the potential financial consequences and workflow impact.
Of the organisations surveyed, 52 per cent characterised their insider threat incidents as predominately accidental, only 19 per cent believed the threats were deliberate, and the remaining 26 per cent believed they were an equal combination, while three per cent were unsure.
However, when asked to rank their top threats, almost 82 per cent of CEOs were unsure if incidents from contractors and temporary staff were accidental or deliberate.
The survey results show that almost 40 per cent of organisations plan to increase spending on initiatives to reduce internal security risks over the next 12 months and as few as six per cent will decrease spending.
Christopher Young, senior vice president of RSA products, claimed that security is everyone's job, not just the job of the security team. He said: “Internal risks are growing and to remain competitive, CEOs must change the way they defend their business and expand security priorities to address the heightened need for protection from risk both intentional and accidental from an insider.
“CEOs must adopt a holistic strategy to mitigating insider threat that focuses on protecting critical information from misuse, leakage and loss by internal users, whether accidental or deliberate.”
Although increasingly sophisticated data breaches by determined fraudsters are prevalent, this new data highlights that unintentional data loss and information security controls affect the operational integrity of an organisation to a greater degree than intentional, malicious attacks.
However, Jesper Frederiksen, VP global sales at Clearswift, claimed that while he agreed with the report's findings, a huge shift in attitude is needed when it comes to security.
Frederiksen said: “I can't help but feel the report has missed an opportunity here. Negativity has been firmly entrenched in the security industry for far too long, and despite the majority of the report having a positive tone, there is still talk of maintaining control over access to systems, which is an all too worrying echo of outdated values.
“Security in this day and age should be something that enables companies to have confidence to take advantage of the full range of collaboration and Web 2.0 technologies available, not something that is restrictive and stifles innovation.
“It's through using security to help your business take advantage of the widest range of resources and helping to foster a culture of innovation that a business can gain the competitive edge.”