With the revelations in the Edward Snowden case, about him gaining coworkers' password making headlines, it is no wonder that IT departments are becoming more aware of insider threats. But while knowledge is growing, it is doing so slowly.
According to our recent research there are still more than 1,190 internal security breaches occurring in UK businesses each day. However, our report, The Insider Threat Security Manifesto: Beating the threat from within, shows only one in four UK IT professionals consider insider threats to be in their top three security priorities. Instead they are more concerned about threats from viruses, data loss and hacking.
It's almost ironic that they should be more concerned about data loss, as the most common way for an organisation to leak data is via an employee. The reality is that more often than not, the greatest risk to any organisation comes from within.
The unhappy employee, or rogue insider who will go to any length to gain access to the organisation's crown jewels and share the sensitive data, just like the NSA's IT contractor Edward Snowden, who gained access to files he should not have by simply asking his colleagues to share their passwords.
The Snowden effect
Although Snowden's actions last year were to put an entirely different data security issue on the international media agenda, he inadvertently highlighted insider threats too.
And it did have the effect of raising awareness, as 12% of IT professionals in the UK said they worry more about insider threats since the scandal, proving that their has been an 'Edward Snowden effect' on the issue.
However, Snowden clearly undertook his actions with specific intent, and the trends tend to be that malicious employees are the exception rather than the rule. Ignorant users are in fact a much more common source of data breach, and represent the greatest concern for IT professionals.
An enterprise problem
Insider threats are naturally more of a larger organisation problem, as the greater the number of employees the larger the base for a potential breach.
And concern about the issue is growing faster in larger organisations too, 38% of IT professionals in organisations of over 250 employees told us they have become more concerned in the last 12 months, compared to 17% for those of 250 and under.
What can IT professionals do?
It is human nature to see external sources as your greatest threat, and that coupled with the fact that insider threat is a complex issue to manage has led to IT professionals seemingly turning a blind eye to the issue. But the facts show that there is a requirement for IT professionals to grow their understanding.
There are measures that can be taken to address internal threats via technology, but it is also a cultural issue. The best approach to mitigating the risks is to approach it from both sides, leveraging technology but also taking steps within the organisation to better educate users and help them to understand policy.
- François Amigorena is founder and CEO of IS Decisions, a provider of Infrastructure and Security Management software solutions for Microsoft Windows and Active Directory. IS Decisions offer solutions for user access control, file auditing, server and desktop reporting, and remote installations.