Social Media and BYOD Are Biggest Internal Security Threats

Written by

Access to social media and BYOD are the biggest internal security threats businesses face, while organized cybercrime is the greatest external threat, according to a new report from fraud specialists Callcredit Information Group.

The group’s Fraud and Risk 2016 Report found that fraud prevention managers and directors rated employee access to social media websites and services (43%) and BYOD to work (35%) as the biggest obstacles IT faces when it comes to preventing data breaches. Lack of knowledge about security threats (28%) and access to personal email accounts (25%) are also considered problematic.

As well as being worried about those internal threats, fraud managers also fear external risks. Organized cybercrime is listed as the current biggest threat, with 75% of respondents fearing it. Respondents to the survey were also worried about identity fraud (51%), money laundering (50%) and social engineering, such as phishing (46%).

However, many appear to see organized crime as a short-term issue; only 26% think organized crime will still be as big a threat in two or three years. Instead, denial of service is expected to be the primary external threat in the future, ahead of “malicious, external loss or compromise of data” (50%), and “accidental, internal loss or compromise of data by an employee” (50%), and ransomware (48%).

Fraud managers seem particularly worried about internal threats. More respondents (46%) considered the threat of malicious, internal loss of data or fraud by an employee a greater threat than the same threats from external parties (42%).

Despite these worries, many fraud managers feel their organization is ahead of those cyber-criminals who specialize in fraud. Just 13% feel they are behind the fraudsters, while 75% feel on top of things.

The report also brought up interesting reactions to Brexit. While most respondents (57%) feel it will have little impact on the risk of fraud, 28% feel it will increase it. That’s primarily driven by a fear that leaving the EU will reduce information sharing between the UK and European anti-fraud authorities.

“As fraud in our society grows, and as geographically mobile individuals increasingly need to establish their digital identity, so the pressure on fraud and risk professionals to protect their organizations and consumers mounts,” said John Cannon, director, fraud & ID, Callcredit Information Group.

“Whilst fraud professionals might be confident in their abilities to prevent and deal with a potential breach, our research suggests that employees need much more education on the risks. Explaining the threats, giving them suggestions on how to protect themselves and informing them about ways to spot a breach could be instrumental in protecting a company from cybercrime. Organizations are only as strong as their weakest link, and the entire workforce needs to understand what the cyber vulnerabilities are in order to prevent them,” he added.

What’s hot on Infosecurity Magazine?