Insiders Are Behind Most Business Cybersecurity Incidents

Insider threats are a bigger risk to cyber security than external hackers, with 74% of cyber incidents happening from within companies. 

That's according to survey data conducted by Vanson Bourne on behalf of data security company Clearswift, which took responses from 600 senior business decision makers and 1,200 employees from around the world, with a particular focus on businesses in the UK, US, Germany, and Australia,

When asked about the cyber security threats encountered by the companies, nearly three-quarters found that threat incidents are increasingly coming from within a company rather than from hackers trying to breach their firewalls and defences.
In fact, the study found that over 42% of threats, whether they were inadvertent or malicious, come from employees alone.

When considering the extended enterprise, meaning employees, customers, suppliers, or even previous employees, the number increases to 74%. Although most companies, 65%, believe that these inside incidents are accidental, that data still suggests a serious need for more extensive security education within businesses.

While the threats from internal sources have increased from the 39% in 2015, the number of attacks from outside parties has decreased from 33% in 2015 to a current 26%.

Despite this fall in outside attacks, 29% of businesses within the UK are now implementing cyber security into their boardroom agendas, perhaps due to the recent attacks on companies from hackers as seen with the widespread WannaCry ransomware attacks.

Dr. Guy Bunker, SVP of products at Clearswift, suggests educating employees and investing in data loss prevention in order to shrink the internal security risks. “Businesses may fall victim to the frenzy around high profile attacks and organisations may be quick to look at threats outside the business but, in reality, the danger exists closer to home. The blurring lines between personal and work-based technologies has led to an unabated rise in the insider threat," he said. 

Although 40% of organisations claim the frequency of security incidents have increased over the last year, albeit at a slower rate than previously recorded, companies are spotting these incidents more quickly, with more than half of organisations detecting an issue within an hour.

ITPro

You Might Also Read: 

Businesses Get Better At Detecting Insider Threats:

Data Threat: Your Ex-Employees:

Are Employees Your Weakest Link When It Comes To Security?:

 

« The CIA Discovers It Has A Mole
Facebook Users To Rank The News They Trust »

Directory of Suppliers

CrowdStrike

CrowdStrike

CrowdStrike is a global provider of security technology and services focused on identifying advanced threats and targeted attacks.

Stratogent

Stratogent

Stratogent is a custom managed services organization based in San Mateo, California. We design, implement and support mission critical infrastructure

Snort

Snort

Snort is an open source intrusion prevention system capable of real-time traffic analysis and packet logging.

Splunk

Splunk

Splunk provide real-time Security Information & Event Management solutions for Enterprise Networks, Cloud and small-scale IT environments

CommVault Systems

CommVault Systems

CommVault is focused on helping organisations protect, manage, find and use their data and information quickly, simply and cost effectively.

MFX

MFX

MFX solutions and services include Cyber Security (vulnerability testing), Mobile Device Management, Governance Risk & Compliance.

Hivelocity Hosting

Hivelocity Hosting

Hivelocity is a full service data center that provides Infrastructure as a Service, Colocation, Dedicated Servers and Cloud hosting solutions.

CyberPolicy

CyberPolicy

CyberPolicy is a cyber protection solution for small businesses. It combines three important components against cyber threats - Cyber Plan, Cybersecurity and Cyber Insurance.

Lloyd's

Lloyd's

As an insurance market, Lloyd’s can provide access to more than 65 expert cyber risk insurers in one place.

Oceansblue

Oceansblue

Oceansblue provides secure data and asset management solutions.

Cognosec

Cognosec

Cognosec is a full-service cybersecurity consultancy. We combine products with professional services to form solutions tailored to our clients’ needs.

Potomac Institute for Policy Studies

Potomac Institute for Policy Studies

Potomac Institute undertakes research on key science, technology, and national security issues facing society, Study areas include cybersecurity.

Software Engineering Institute (SEI)

Software Engineering Institute (SEI)

At the CERT Division of SEI we study and solve cybersecurity problems, research security vulnerabilities in software, and develop information and training to help improve cybersecurity.

Secudrive

Secudrive

Secudrive provide solutions to protect your confidential corporate data from both internal and external threats throughout the data life cycle, from creation to deletion.

CyberNB

CyberNB

Canada's epicentre for cybersecurity. CyberNB is focused on cyber skills and workforce development, R&D, protecting our critical infrastructure, innovation and building a world class cyber ecosystem.