Everyone is worried about internal cybersecurity threats, report
Everyone is worried about internal cybersecurity threats, report

There are few things everyone can agree upon, but according to a new study almost all security professionals are concerned about insider threats.

The study The Growing Security Threat From Insiders of 317 independently identified IT security professionals, from companies with more than 1,000 employees, conducted by Dimensional Research found 99.7 percent are concerned about internal security threats. The insider threats that particularly worry these execs are malware being installed by workers, 73 percent; stolen or compromised credentials, 66 percent; stolen data, 65 percent; and abuse of administrative privileges, 63 percent.

Even when asked to consider both internal and external threats, 49 percent said the former were more worrisome.

A positive note is those surveyed do not believe their staffers are intentionally trying to injure the company, but that naïve behavior or those who bend the rules in an attempt to be more efficient will lead to a major problem.

“Almost 9 in 10 security professionals (87%) don't think malicious employees are the greatest threat to their organization. Only 13% indicated that they were most concerned about individuals who were intentionally trying to hurt the business by compromising security,” the report stated.

Because an incident caused by an unknowing worker is such a concern 79 percent of those surveyed believe it's important for end user to be aware of and engage in contributing to the company's cybersecurity. About 95 percent reported they are engaged in training end users in proper cybersecurity practices with the majority of the training being handled via email, online and in person.

Unfortunately, these efforts are not solving the problem.

“Most did agree that the training did have an impact, with 69 percent rating the training as ‘somewhat effective,' but only 10 percent felt that their efforts were ‘very effective,' far fewer than the 21 percent who rated their training as ‘not effective, but better than nothing,'” the report said.

The report did note one possible reason for this unhappy situation. It found that just 25 percent of those surveyed said their workers make an effort to learn cybersecurity skills that could save their company from a disaster.

The study was sponsored by Preempt.