14 DAY TRIAL // According to the Boardroom Cyber Watch 2013 report published earlier this week by IT Governance, most senior executives name their employees as being the number one threat to corporate data.
The threat posed by employees is followed by cybercriminals (27%) and state-sponsored actors (12%). 8% of the interviewed executives see their competitors as the biggest cyber security threat.
Interestingly, while 25% of respondents have admitted that their organizations have been targeted by cybercriminals over the past 12 months, 20% of them are unsure if they’ve been hit.
Most senior executives say they receive regular reports about their IT security posture. However, only 5% receive daily reports. 11% receive weekly and 33% get monthly reports.
The rest get such reports only once per year, at best.
Furthermore, in most cases, understanding current IT security threats is not a prerequisite for board-level job candidates.
Commenting on the report, SpectorSoft VP Nick Cavalancia highlights the fact that organizations have been so focused on protecting their assets from external threats that they’re neglecting the insider threats, which in many cases can easily copy sensitive corporate information on a USB stick.
“As the recent case of Edward Snowden showed us, the latter threat can sometimes have a much more negative effect on an organization,” Cavalancia told Softpedia in a mailed statement.
“As this survey demonstrates, insider threats are a concern for the boards of many organizations, especially in cases where sensitive customer information is at stake or where companies must remain compliant,” he added.
“Organizations must implement a layered security strategy that includes employee activity and behavior monitoring and provides visibility into what employees are actually doing with critical data. Organizations can no longer afford the brand or reputation damage and penalty costs for incompliance that result from an insider threat,” Cavalancia said.
“A recent survey that we took at InfoSec Europe revealed that while the majority of security professionals agree that the insider threat is the greatest threat facing their organization, the top two security solutions invested in were encryption at 69% and intrusion detection at 67% - neither of which detect or monitor insider threat activity.”
The complete report is available on IT Governance's website (registration required).