Spohn Security Solutions says 32% of businesses were victims of a major cyber-attack over the past year. The corporate world loses $388 billion annually recovering from cybersecurity breaches, $55 billion is spent annually fixing computer viruses alone, according to the research group.
Timothy Crosby, senior security consultant for Spohn Security Solutions (https://spohnsolutions.com), says while cyber criminals bear the brunt of blame, much of the security threat comes from within an organization. A survey of 4,500 CIOs and technology leaders found that:
° The insider threat is the #1 fastest-growing security risk;
° Fifty-five percent of businesses reported a security breach due to a malicious or negligent employee;
° Fifty percent of individuals causing a breach were granted IT system access by their organization.
Per Crosby, though some employees intentionally cause security breaches, many cyber security breaches are due to inadvertent error. 60% of businesses say employees have no knowledge of security risks. Crosby says that makes the risk even greater:
“Employees have access to a company’s network infrastructure and often little understanding of the risks of exposing sensitive information – that’s a huge vulnerability,” he adds. “Businesses failing to communicate potential risks and how to defend against them are more likely to experience security threats due to human error: 95% of cyber security breaches are due to accidental human error.”
To safeguard a network, businesses must identify potential vulnerabilities through an information security risk assessment – with a rapidly changing cybercriminal landscape, static assessments, stale employee training and protocols will not keep up with the dynamics of cyber security today.
“Company leaders should have knowledge of what data must be protected, where this data resides on the network and who has access to it in real-time – only once an employee is familiar security protocols should they have full access,” says Crosby.