Corporate network misuse seen as top security threat
The threat from within an organisation has emerged as the biggest security breach fear among senior business and IT decision makers.
The majority of organisations see employee misuse of the corporate network as the biggest security threat they face, a new survey has revealed.
The threat from within an organisation led in the league table of potential sources of a data breach for 41 per cent of the 250 IT directors and board-level decision makers questioned by LSI, a storage and networking technology provider.
Traditional hacking attacks from outside an organisation's firewall were considered the second biggest threat, with 21 per cent of respondents.
And the widening of network perimeters was seen as the third biggest threat (15 per cent), followed by terrorist threats and a lack of encryption in data centres.
With internal network security firmly the focus of the survey respondents, it also emerged that cost was the most common reason why organisations were not investing in this critical area of their IT defences.
But recent events have shown the disgruntled or careless employee is in the best position to breach data security.
Earlier this month, a system administrator working for the city of San Francisco was arrested for allegedly locking the authority out of its brand new fibre (wide area network) WAN, which stores around 60 per cent of its data after a run-in with the city's head of security. He reportedly set a master password giving him exclusive access to the network, preventing administrators from accessing routers and switches.
A statement issued at the time by San Francisco District Attorney Kamala Harris also said the administrator, Terry Childs had "set up devices to gain unauthorised access to the system".
Whether malicious or unintentional John Bromhead, LSI product marketing manager said the survey figures showed that staff education and IT investment are key when it comes to security.
And the effects of lax internal security have been felt in the UK too. The data breach that lost data on 25 million UK citizens on an unencrypted Department of Work and Pensions disk late last year was just one of a catalogue of public and private sector breaches that have highlighted the dangers of lax internal IT security practices. As a result, civil servants are now being given special data security training.
Four cyber security essentials that your board of directors wants to know
The insights to help you deliver what they needDownload now
Data: A resource much too valuable to leave unprotected
Protect your data to protect your companyDownload now
Improving cyber security for remote working
13 recommendations for security from any locationDownload now
Why CEOS should care about the move to SAP S/4HANA
And how they can accelerate business valueDownload now