Please note that this is a page from a previous version of Continuity Central and is no longer being updated.

To see the latest business continuity news, jobs and information click here.

Business continuity information

Employees are the most frequent point of failure when it comes to information security

A survey amongst 250 IT security professionals, conducted during this year’s Infosecurity Europe show, has revealed that 20 percent of organizations believe malicious insiders pose the biggest threat to their security. A further 44 percent suggest that employee’s ignorance could also cause defences to crumble. Hardly surprising, then, that this audience firmly pointed the finger at ‘people’ (70 percent) as the most frequent point of failure in an organization’s IT security, with 20 percent citing processes and just 9 percent at technology.

The study, sponsored by AppRiver, is a repeat of a survey first conducted amongst 110 IT security professionals attending RSA in San Francisco earlier this year. That study found that, while the UK suspect internal breaches, more than 61 percent of US professionals cite the biggest threat to their organization’s security as cybercrime from external sources (compared to 35 percent in the UK) with only 33 percent suggesting the non-malicious insider as causing the most concern. Remarkably, just over 5 percent of US respondents blamed malicious insiders for breaches.

“Whilst the US blames external influences, the UK recognises it is their own people who can act as the weakest link in an organization's IT security posture - with ignorance the overarching driver. While it’s hard to plan for ignorance, the combination of education and automation would certainly help mitigate most non-malicious threats especially as many IT professionals have faith in the technology they’re deploying,” said Troy Gill, senior security analyst of AppRiver.

When asked to name the most dangerous threat to the security of their organization, both UK and US professionals agree that malware, including email-borne and web-based threats, tops the list of most concerning threat vectors, followed by personally identifiable information (PII) and social engineering. Both are also in agreement that people are the weakest link in their system (UK 70 percent: US 71 percent), with processes next (20 percent: 21 percent) and then technology (9 percent: 7 percent).

Troy concludes, “We’ve seen a dramatic increase in phishing attacks since the beginning of this year, with many proving successful, which is a classic example of how an unsuspecting user can unwittingly put the organization at risk. Educating users to these types of attack vector is just one element of effective remediation. Better still is to remove suspect electronic packages automatically from mailboxes, rather than allowing someone to open the message and detonate the contained device.”


•Date: 22nd July 2014 • US/UK •Type: Article • Topic: ISM

Business Continuity Newsletter Sign up for Continuity Briefing, our weekly roundup of business continuity news. For news as it happens, subscribe to Continuity Central on Twitter.

How to advertise How to advertise on Continuity Central.

To submit news stories to Continuity Central, e-mail the editor.

Want an RSS newsfeed for your website? Click here