It’s not me, but it is probably you: How IT still views employees with contempt on cybersecurity
A new report from software as a service (SaaS) operations management and security platform BetterCloud begins with a blunt message. “While cybercriminals, hacktivists and ransomware often make a big splash in the news headlines, the reality is that the biggest security threat is often right in front of you.”
According to the study, which featured survey data from 500 IT professionals, the ‘well-meaning but negligent end user’ is responsible for various issues. Almost two thirds (62%) of respondents said the biggest security threat came from this category. More than nine in 10 (91%) polled said they felt vulnerable to insider threats, while an even greater number (95%) still felt this way even with the adoption of a cloud access security broker (CASB).
What’s more, almost half (46%) of IT leaders polled believed the rise of SaaS apps made them especially vulnerable to insider threats. This may be seen as an interesting point of contention, with SaaS apps evidently resulting in data being moved to multiple silos. Three quarters (74%) of the C-suite polled admitted they had not invested enough to mitigate the risk of insider threats.
The study cites various snafus caused by internal issues: according to the 2016 US State of Cybercrime report by CSO Magazine, insiders were the source of half of incidents where private or sensitive information was unintentionally exposed, and two in five of those where employee records were compromised or stolen.
As the report puts it, SaaS helps to create a new generation of insider threats for three reasons: end users now have lots of freedom and power, meaning IT and security are losing control; it creates dangerous blind spots; and file sharing configurations are complex. The last of these has been covered in various forms by sister publication CloudTech, whether for software as a service or infrastructure as a service (IaaS), with misunderstandings over the ‘shared responsibility’ element of cloud security prevalent.
When it came to exploring who was feeling the heat, everyone was concerned. 94% of those in IT leadership said they felt vulnerable, compared with 92% for the C-suite and 91% of IT managers. By contrast, 83% of sysadmins and IT admins said they were concerned; that is still a heavy number, but the report notes this comparative turnaround.
Ultimately, the well-meaning but otherwise negligent insider causes by far the biggest concern in organisations. In comparison, only 21% of respondents thought intentionally malicious actors posed the biggest threat, while 17% thought compromised users caused the most fear.
“SaaS has exponentially expanded the scope and difficulty of managing insider threats,” the report concluded. “As more companies continue to adopt SaaS, this difficulty will only increase. Understanding the various leakage points in SaaS is essential in creating safeguards. With the right tools for visibility and remediation, it’s possible to mitigate some of these risks in the digital workplace.”
You can read the full report here (pdf, no email required).