Hackers trump insiders as chief threat

Hacker

The majority of C-level executives believe hackers will be more of a threat to business data than insiders over the next three years, research has indicated.

Almost six in ten said external threats will pose more of a risk, although internal dangers remained a big concern for business executives, a Cyber-Ark survey showed.

Targeted attacks and Advanced Persistent Threats (APTs) have been a growing concern across the security industry, following a number of high-profile hacks, including one on RSA.

Mark Fullbrook, director for UK and Ireland at Cyber-Ark, said technology alone was not enough to protect against targeted attacks, so the best approach is to simply close as many gaps as possible.

"The important thing is to make the network as secure as possible. Security as a holistic approach is what companies need to do now," Fulbrook told IT PRO.

"Leave the attackers very, very little to attack. We can certainly close the gap and make things as difficult as possible."

A Symantec report earlier this month warned targeted attacks were likely to increase this year, following 2010 when Stuxnet set a new precedent for such threats.

Cyber-Ark pointed to the recent hack on RSA, noting how privileged accounts and passwords were targeted, indicating a need to improve security around such accounts.

A quarter of respondents said their use of privileged accounts was not being monitored.

As for the internal threat, nearly half of respondents said the IT department were the most likely to snoop on corporate data, whilst one in 10 suspected managers were susceptible to accessing information they shouldn't.

Meanwhile, 16 per cent believed insider leaks had led to competitors gaining valuable corporate information, such as intellectual property.

Fullbrook suggested there was not enough pressure placed on UK companies to secure corporate information and this made the country look bad in comparison to the US.

"Customers in the US do seem to have a more serious view," he added.

When asked if they had ever accessed data on a system not relevant to their role, 28 per cent of North American IT staff respondents said they had, compared to 44 per cent in EMEA.

Furthermore, 20 per cent of US respondents said they or one of their colleagues had used an administrative password to access information that was confidential or sensitive. In EMEA, the figure stood at 31 per cent.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.