Accidental Insider Threat More Lethal To Businesses Than Cybercriminals?

A new research has claimed that the accidental security leaks involving staffers occur more frequently and usually impinge more damages to organisations than malicious insider attacks.

The research - carried out by the analyst firm IDC and commissioned by security vendor RSA - involved 400 top-level execs from the UK, France, Germany, and the US, has finally rejected the notion that malicious insiders are the biggest single threat to the companies.

However, the study concluded that a majority of security leaks occur due to unintentional security breaches, as well as inadequate access and misuse of information by employees, posing greater threats to organisations than that of malicious insiders.

The respondents to the poll from across various parts of the world notified about 6,244 incidents of accidental data loss, 5,794 incidents of risks triggered by letting privileged access to critical systems to the unauthorised people, and 5,830 malware attacks rooted from within the organisation.

More than half of the respondents, 52 percent, portrayed insider threat incidents as purely unintentional, while only 19 percent saying that the security threats were planned.

Around 40 percent organisations usually intend to increase security spending, while only six percent generally trim down their security budgets, the study added.

IDC concluded that enterprises should adopt a “comprehensive risk-management based” approach to ensure information security.

Our Comments

Lack of training, misunderstandings and sloppiness create opportunities for cybercriminals to breach businesses' security systems. Proper training is paramount to keep organisations as safe as possible from any attempts to break through their defenses.

Related Links

Businesses should focus on the ‘accidental’ insider threat

(IT Pro)

Incompetence a bigger IT security threat than malign insiders

(The Register)

IDC Report: Most Insider Leaks Happen By Accident

(Dark Reading)

Insider risk problem revealed


Insider Security Events Mostly Unintentional

(Channel Insider)