Insiders cause more than half of data breaches
Most companies consider hacker attacks to be the most dangerous threat, but according to a new report, insiders cause the majority of security incidents by either malicious or accidental actions.
The study from threat detection specialist Netwrix looks at the experiences and plans over 1500 organizations have in addressing IT risks. The insider threat is underlined by the fact that 44 percent of respondents either don't know or are unsure what their employees are doing with sensitive data.
Among the findings are that not all critical security controls are reviewed regularly as required by best practices. The most neglected controls include getting rid of stale and unnecessary data and conducting data classification. These controls are exercised rarely or never by 20 percent and 14 percent of organizations, respectively.
Although 70 percent of companies have done an IT risk assessment at least once, only 33 percent say they re-evaluate their IT risks on a regular basis. In addition only 17 percent of organizations say they have an actionable incident response plan, while 42 percent have only a draft or have no plan at all.
"Our report illustrates that the foremost reason why the organizations fail to address major IT risks lies in a lax approach to security basics," says Steve Dickson, CEO of Netwrix. "They are giving priority to some controls and are leaving the most important ones out of scope. Haphazard approach to security basics and poor visibility into sensitive data gives IT pros a false sense of security. However, paying more attention to all security basics can help organizations manage IT risks with more success."
You can find out more by downloading the full report from the Netwrix website.