Three-Quarters of Security Incidents Originate Inside the Extended Enterprise
The majority of security incidents arise from within in the extended enterprise and not as a result of hacking groups, according to new research from Clearswift .
The firm surveyed 600 senior business decision makers and 1200 employees across the UK, US, Germany plus Australia, discovering that 42% of IT security incidents happen due to the actions of employees whilst 74% originate from the extended network associated with workers, customers and suppliers. That’ s in contrast to the 26% regarding attacks that came through parties unknown to the particular organizations, a figure down from 33% in 2015.
“ Businesses may fall victim to the frenzy around high profile attacks in addition to organizations may be quick to look at threats outside the business but, in reality, the danger exists closer to home, ” said Dr Guy Bunker, SVP products at Clearswift. “ The blurring lines between personal and even work-based technologies has led to an unabated rise in the insider threat. ”
However, whilst Clearswift’ s findings clearly suggested that internal threats pose the greatest risk to the majority of businesses, respondents believed most incidents are accidental or inadvertent rather than deliberate in intent, highlighting a need for better awareness of online risks.
“ Educating employees about how to safeguard critical information, motivating employees to care more about the ramifications of a breach, together with increasing investment in Data Loss Prevention (DLP) tools are the biggest priorities needed to minimize the risk of internal security breaches, ” Bunker added. “ Being a responsible data citizen will also require organizations in order to look at the way in which partners or suppliers hold and additionally share information, as removes within the extended business could also lead to heavy fines for the originating business. ”
On a positive note, Clearswift discovered that organizations are becoming quicker at spotting incidents on the network, with more than half (52%) noticing an issue within an hour, compared to only a third (34%) two years ago.