Connect with us

Hi, what are you looking for?


Data Protection

IT Pros More Concerned About Employees Than Hackers: Survey

Despite the focus on exotic zero-day exploits and sophisticated hacking techniques, IT teams are more concerned about more mundane risks to their organizations, such as risky employee behavior and cloud security, a recent survey found.

Despite the focus on exotic zero-day exploits and sophisticated hacking techniques, IT teams are more concerned about more mundane risks to their organizations, such as risky employee behavior and cloud security, a recent survey found.

Poor employee security behavior and greater cloud security top the list of things IT professionals worry about, according to a Sungard Availability Services survey released Tuesday. A common misconception says threats to organizations typically come from outside, but in actuality, many security breaches originate from within the organization and are driven by ignorance, Sungard AS said. Organizations aren’t doing enough to protect critical data and systems, the survey found.

“The writing is on the wall. IT professionals – beyond those who focus solely on security – are worried about internal and external threats that could put their organization in a compromising position,” said Matt Goche, director of security consulting at Sungard AS.

Insider Threats vs. HackersOnly 276 IT professionals took part in this survey in December 2014, so it’s a very small sample. However, its findings echo other, larger, reports which concluded that insider threat and negligent employees pose the biggest threats to the organization’s data and systems. Research firm Ovum found that 93 percent of the organizations in the U.S. in Vormetric’s 2015 Insider Threat Report felt vulnerable to insider threats.

There have been recent reports of malicious insiders—such as the Morgan Stanley employee who accessed client information and publicly posted some of it on the Internet, or the rogue employee at AT&T who illegally accessed customers’ personal information. Sometimes, the attackers don’t have to break in—he or she is already one of you.

IT professionals said their colleagues pose the biggest threat to their overall security. But for the most part, it’s ignorance—or negligence—that’s the problem, not malice. When employees click on malicious links, or forget to put a secure passcode on their mobile devices, they aren’t doing so because they want the organization to suffer a data breach.

Employees leave mobile phones and laptops in vulnerable places, said 62 percent of respondents, and 51 percent claimed employees share passwords, which was a direct threat to the company’s overall security, the Sungard AS survey found.

Password sharing isn’t the only issue, as overall password hygiene remains a problem. The two most common violations were password reuse and using strings made up of keys adjacent to each other on the keyboard (such as qwerty), the survey found. Requiring special characters and enforcing minimum password lengths were the two most important things security teams could do to improve password hygiene. Changing passwords often also made the list of good practices for password hygiene.

Advertisement. Scroll to continue reading.

Security was the most overlooked factor when moving to a cloud environment, even though 54 percent of respondents felt security should be the most critical deciding factor when evaluating cloud offerings. Other factors include vendor support and cloud-based disaster recovery. About three-quarters of respondents said their organizations could do more to improve cloud security, such as asking targeted security questions to create a strong cloud migration plan, Goche said.

“People know cloud security is important but aren’t taking the necessary precautions to safeguard their organization’s resiliency,” Goche said.

Approximately half of the respondents said security planning programs should be the last thing to receive budget cuts. In fact, 60 percent of respondents said their organization needs to put more focus behind their security, by regularly testing the organization’s security and resiliency.

Security is a threat from all angles, even if unintentional, Sungard AS said.  

ResourceUtilizing User Behavior Analytics to Mitigate Insider Threats

Resource: Using Active Breach Detection Against Advanced Attackers

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.