Insiders pose the biggest threat to data security, according to a new report published today.
The research, based on a poll of 3,596 IT professionals in the US, UK, France and Germany carried out by the Ponemon Institute, found data breaches by hackers ranked a distant fifth in terms of security threats.
Negligence on the part of insiders was seen by far and away as the most dangerous, where US respondents said 75 percent of all breaches were the fault of insiders compared to hackers, who were responsible for just one per cent. The UK came in a close second with 63 per cent of breaches blamed on those from inside the organisation.
Overall, 63 per cent of respondent said their organisations suffered data breaches caused by negligent insiders and 37 per cent had been caused by malicious insiders.
More than half (55 per cent) of UK IT practitioners reported that their organisation had experienced one or more data breaches involving the loss or theft of information about individuals such as consumer data, customer information, employee records.
But it was when looking at where data breaches occurred that the study uncovered some concerning statistics. It found that 41 per cent of all data breaches occurred in a mainframe environment, as opposed to the removable and mobile media so many of the data breaches that come to public attention are attributed to.
The study said this was most worrying because more than 80 per cent of the world's corporate and governmental data resides on mainframes according to the Computer and Communications Industry Association (CCIA), .
Atul Bhovan, senior technical consultant at the research sponsor, Compuware told IT PRO that the deterrent just isn't there to stop people waking out of the building with sensitive and confidential data.
"Monitoring is critical as it will provide often absent visibility of who is accessing data and what they are doing with it and serve as an important deterrent against unauthorised data removal or carelessness," he said.
Bhovan added that the biggest enemy in data security is complacency, where all offline data should be encrypted, for instance, but is not. "Many companies lack the experience and guidance to implement a full-proof technology solution to combat data loss," he said. "Companies need to look at how security solutions can be used within their own business to protect information."
-
Why keeping track of AI assistants can be a tricky businessColumn Making the most of AI assistants means understanding what they can do – and what the workforce wants from them
-
Nvidia braces for a $5.5 billion hit as tariffs reach the semiconductor industryNews The chipmaker says its H20 chips need a special license as its share price plummets
-
Tech leaders worry AI innovation is outpacing governanceNews Business execs have warned the current rate of AI innovation is outpacing governance practices.
-
Top data security trendsWhitepaper Must-have tools for your data security toolkit
-
SEC data breach rules branded “worryingly vague” by industry bodyNews The new rules announced last week leave many questions unanswered, according to security industry experts
-
The gratitude gapWhitepaper 2023 State of Recognition
-
Meta sues ‘data scraping for hire’ service that collected info on 600k usersNews Meta says tackling data scraping will require a “collective effort” from platforms and policymakers
-
Building a data governance strategy in 2023In-depth Data governance will continue to expand as attitudes change and businesses look to optimise the value of their data
-
FCC plans strict overhaul of 15-year-old US data breach regulationsNews Telcos could no longer be able to use negligence as a defence for data breaches as the FCC also seeks to hasten public notification of breaches
-
UK follows EU in securing data deal with South KoreaNews The deal will foster cross-border collaboration between businesses by reducing administrative and financial frictions
