Clearswift (www.clearswift.com), a global cyber security innovator and data loss prevention specialist, has released their annual Clearswift Insider Threat Index (CITI) exploring why firms have been slow to address internal security threats and including data from extensive research into the security priorities and awareness of over 500 IT decision makers and 4,000 employees across the UK, US, Germany and Australia.
“The detachment between the front line security professionals and Board members within an organization is particularly worrying in the wake of recent high profile cyber breaches across the globe already this year,” says Heath Davies, CEO at Clearswift. “Cyber-attacks are a major problem and it’s time for Boards to take a proactive stance on this. Companies need a clear, coherent, adaptive strategy which encompasses people, processes and technology, and this mandate needs to come from the top.”
Companies surveyed were aware that there is a looming threat from the extended enterprise, with 40 percent of firms expecting a data breach in the next 12 months, as a result of employee behavior and employees indicating widespread lack of awareness of good cyber security practice. Key findings from the study show that employee awareness is a major part of the problem:
° 92 percent of organizations in the U.S. have experienced a data breach on some level in the last 12 months – of these, 40 percent say they have seen growth in the number of internal breaches.
° 75 percent of global employees believe their company provides inadequate levels of information about data policies and what is expected of them.
° 58 percent of global employees lack understanding of what might actually constitute a security threat from within their organization.
° 72 percent of global security professionals believe internal security threats are
° 50 percent of global employees admit that they disregard data protection policies at work in order to get their job done.
° 73 percent of breaches have originated from within the extended enterprise globally in the last year.
“Companies with good, existing data protection habits and a well thought through data security policy are in better shape to survive a breach, whether internal or external. The insider threat represents a ticking time-bomb for businesses and one, it seems, that they are unprepared for,” says Dr. Guy Bunker, vice president of Products at Clearswift. “With the ‘insider threat intelligence’ provided by the CITI report, those responsible for keeping critical information secure can get inside the mind-set of their ‘enemy within’ well enough to create a playbook of approaches that helps them defend against both inadvertent and premeditated actions that could compromise their most critical of information.”
The CITI results show a startling disconnect between IT and employees. These attitudes highlight an imperative for organizations to make training employees in security protocols and policies a priority area for the safety and security of the business. Additionally, results suggest that companies need to do an aggressive overhaul of security protocols and training in order to impact employee attitudes, which are one of the most common causes of internal security breaches.
This data was taken from research conducted by technology research firm Loudhouse on behalf of Clearswift. Over 500 IT Decision makers and 4000 employees were polled to gauge the level of threat from insiders.