Spooked by big-name hacks, executives ignoring surge in internal security breaches

Nearly 3 out of 4 businesses have experienced an information-security incident over the last year due to the actions of employees, ex-employees, contractors or partners, new research from security vendor Clearswift has found.

Reflecting broad industry concerns that poor security awareness and training amongst employees is compromising the efficacy of protective methods, Clearswift's research found that 63 percent of security threats affecting Australian companies were inadvertent, with just 37 percent resulting from malicious activities.

The annual, international survey of 500 IT decision makers and 4000 employees traces the causes and nature of security threats over time, with this year's survey revealing a significant jump in the percentage of companies admitting they had suffered internal security breaches.

Last year, just 58 percent of respondents said they had suffered an internal breach; this year, the figure was 73 percent.

Fully 88 percent of businesses had experienced some sort of IT or security incident in the last 12 months, yet just 28 percent of respondents believe that internal breaches are treated with the same level of importance as external threats.

High-profile external hacks, such as those perpetrated against Sony Pictures, were dominating the attention of senior executives who, respondents said, were disproportionately concerned about the external threats their organisations faced.

Some 14 percent of the respondents said that until their organisation had a serious data breach caused by an internal actor, the internal threat would never be taken seriously.

Respondents blamed a lack of awareness and understanding about security threats, with 58 percent indicating that such a deficiency was a problem in their organisations.

“Many businesses are still struggling to accept that one of their biggest security risks could come from people they employ in their organisation,” Clearswift CTO Guy Bunker said in a statement.

“Organisations need to be prepared for both accidental and malicious data loss and ensure that adaptive prevention methods are put in place to stop them at the root – before they can even leave an individual’s computer or device.”

The rate of attacks against Australian companies had remained stubbornly consistent, with 53 percent of respondents saying the rate of malicious attacks was the same as last year and just 10 percent saying there were fewer malicious attacks now than a year ago. This was well off the 43 percent and 17 percent figures, respectively, from US respondents.

This article is brought to you by Enex TestLab, content directors for CSO Australia.