Business underestimates internal IT security threat, study shows

Organisations are underestimating the threat of internal IT security breaches, a study has revealed.

Some 61% of nearly 400 IT professionals polled at Infosec Europe 2012 by authentication firm DigitalPersona said the majority of breaches are caused by unintentional user activity.

A further 17% believe that intentional user activity is a cause of security breaches, yet 60% of respondents said that they did not have 2-factor authentication for their internal network.

"The security of an internal perimeter is something that is often moved down the pecking order when it comes to budgetary priorities," said Ben Boulnois, DigitalPersona Europe.

The external perimeter is the first in line for attention as firewalls and other security measures take the biggest share of the IT budget, and is still considered by senior decision makers as the main route of security threats, he said.

IT departments are also often hesitant in implementing new, stricter authentication solutions which require user training, he said, as this incurs both monetary and time costs.

More than two-thirds of respondents cited the sharing of access credentials, such as passwords, smart cards and tokens, as a major security concern.

While the industry recognises that the internal threat is a real risk, it is worrying that so few are addressing the problem, said Boulnois.

"The biggest IT security risk to any organisation is the employee, and companies need to put into place security policies that help to prevent the temptation to breach security," he said.

According to Boulnois, multi-factor authentication provides support for both the prevention of an attack and the forensics in the aftermath of a breach.

"Companies must start to push the importance of the internal threat further up the IT security agenda," he said.
