Skip to main content

Why you must identify the 'enemy within' for effective security

This article was originally published on Technology.Info.
As part of our continuing strategy for growth, ITProPortal has joined forces with Technology.Info to help us bring you the very best coverage we possibly can.

A 2013 report by communications security company Clearswift, entitled

The Enemy Within

, has identified the extent to which internal security threats are affecting UK organisations, and how those same threats are being managed. The research showed that improving and maintaining IT security remains a top three priority for 46 per cent of organisations – and rightly so, as 83 per cent of organisations had experienced some form of data security incident in the last year.

However, it appears that the focus on the type of threat is misguided: many organisations are fixated on external security incidences, such as cyber-criminals and hackers - over two thirds (69 per cent) of respondents named protecting sensitive data from outside threats as a key driver for them.

When the reality is that 58 per cent of respondents estimated that data security incidents within their organisations over the last year have come from across the extended enterprise – e.g. employees, ex-employees, contractors and trusted partners, many fitting into the category of Well Intentioned but Misguided Person (WIMP) – compared with 42 per cent attributing them to outside the organisation.

BYOD, cloud and the perfect storm

The internal threat - either by human error or malicious intent, lack of awareness of security policies and the use of personal devices on the corporate network – has fast become the enemy within. The increased uptake of 'bring your own device' (BYOD), cloud-based tools and the reliance on the extended enterprise to share information across global and diverse networks and with third parties are all building towards perfect security storm conditions ahead.
Guy Bunker, Senior Vice President of products at Clearswift and spokesperson for the Jericho Forum, comments, "This is a wake-up call to businesses and the issue must be taken seriously as they are having a major impact on organisations far beyond the confines of the IT department."

Identifying the enemy within

Tackling the security challenges