SecurityWeek

User Mistakes The Biggest Insider Threat: Survey

Contrary to many headlines across the cyber realm, not all security incidents are a result of malicious intent.

According to the results of a recent survey, 70 percent of U.S. survey respondents and 64 percent of German respondents said that more security incidents are caused by unintentional mistakes rather than intentional and/or malicious acts.

The survey, commissioned by Raytheon|Websense and conducted by Ponemon Institute, found that employee negligence can result in insider threats and cost companies millions of dollars each year.

Respondents say that such incidents can cost a U.S. company as much as $1.5 million and German companies €1.6 million in time wasted responding to security incidents caused by human error, according to the survey, which polled IT and IT security practitioners in the U.S. and Germany.

The survey report (PDF), “The Unintentional Insider Risk in United States and German Organizations,” found that while there are similarities in how U.S. and German organizations perceive insider threats, there are also clear cultural differences in the causes of unintentional insider risk.

“Germany is often seen as being on the cutting edge of deploying security technology and strictly enforcing security policies,” the report said.

Additionally, German respondents are more likely to agree that their organizations do not have the necessary safeguards in place to protect against careless employees (54 percent). U.S. respondents reported that employees are not properly trained to follow data security policies (60 percent) and that senior executives do not consider data security a priority (50 percent).

Determining the difference between malicious and negligent security incidents is difficult, Raytheon|Websense said, noting that 44 percent of German and 49 percent of U.S. respondents said they cannot tell the difference between security incidents caused by employees who are careless and those who are malicious.

Those who say they can differentiate between maliciousness and negligence say it represents an average of 70 percent (U.S.) or 63 percent (German) of all insider security incidents.

“Maliciousness is tagged as the leading cause in insider threat discussions, but the impact of negligence cannot be overlooked,” said Ed Hammersla, president of Raytheon|Websense.

“Workplace stress, multitasking, long hours and a lack of resources and budget are the biggest contributors to employee negligence,” Hammersla continued. “Having programs in place that include a mixture of training, policy and technology are vital to addressing insider threats before they become a major issue.”

Additional discoveries include:

• Unintentional employee negligence severely diminishes the productivity of the IT function according to 73 percent of U.S. respondents and 67 percent of German respondents.

• Long hours and multitasking are red flags for risk. Multitaskers are more likely to be careless or negligent according to 79 percent of U.S. respondents and 81 percent of German respondents.

• German respondents are more likely to limit practices that can create unintentional risk (55 percent), while their American counterparts prefer to monitor employees’ behavior (63 percent).

• In both the U.S. and Germany, IT security practitioners spend an average of almost three hours each day dealing with the security risks caused by employee mistakes or negligence.

• Both German and U.S. respondents report that ordinary users, contractors or third parties pose the biggest threat to security.

Ponemon Institute surveyed 1,071 IT and IT security practitioners in the U.S. and Germany for the study. 
