Organizations globally believe they are their own worst enemy when it comes to cybersecurity, with 45% saying they are ill-equipped to cope with the threat of malicious insiders.
The research, from Mimecast, also reveals that twice as many, 90%, call malicious insiders a major threat to the organizations’ security. One in seven IT security decision makers view malicious insiders as their number one threat.
UK-specific data points include the fact that 51% of IT security managers say they are ill-equipped to cope with malicious insiders; 89% call malicious insiders a threat to the organizations’ security; 85% feel their email security systems are inadequately equipped to handle cyber-threats; 45% view malicious insiders as a moderate or high threat to their organization; and 17% view malicious insiders as their number one threat.
Mimecast initially found as part of its Business Email Threat Report that 65% of IT security decision makers globally feel their email security systems are inadequately equipped to handle cyber threats; and, this new data makes it clear that malicious insiders represent a major source of this risk and anxiety over security preparedness.
By concentrating predominately on perimeter defense and outside threats, organizations around the world struggle with the risk that comes from their own people, emphasizing the need for organizations to implement employee awareness and education as well as creating a cyber resilience strategy that includes both technology—and human-based defenses. This is evident especially considering this study revealed that nearly half of the organizations polled felt exposed to malicious insider attacks.
The research also uncovered that those who say they’re very equipped on cybersecurity feel virtually just as vulnerable to insider threats as those who believe they aren’t equipped at all (16% vs. 17%), indicating that the risk of malicious insiders trumps perceptions of security confidence.
“Organizations of all sizes struggle with the risks that are posed by employees being targeted by adversaries to launch and execute attacks to gain access to data or funds” said Peter Bauer, CEO, Mimecast. “Every day, we trust employees with sensitive information and powerful tools, but we don’t give them the effective security education and advanced cloud security solutions that go hand-in-hand with those responsibilities. As a community we must work together to enact better business processes.”
Mimecast recently launched the Cyber Resilience Coalition, bringing together leading security, data protection and business continuity vendors to help strengthen organizations’ total cyber resilience strategy.
“Another issue we can work together to control is rogue employees who use file-sharing or cloud storage services to steal valuable corporate data—also known as malicious insiders,” Bauer added. “IT managers have, for too long, not paid due attention to this threat. We must re-evaluate unrestricted access to these services and ensure that other protections are put in place quickly.”
Photo © dragon_fang