More than 300,000 internal security breaches took place in UK businesses over the past 12 months – an average of 1,190 per working day – a study has revealed.
The study, which polled 250 IT decision-makers, showed that 32% of businesses with more than 500 employees had internal security breaches in the past year.
In addition, 42% of respondents said ignorant users posed the greatest security risk to those in business, yet only a quarter of IT managers consider insider threats to be a top security priority.
Respondents named viruses (67%), data loss (47%) and hacking (39%) as top concerns, according to the research commissioned by security software provider IS Decisions.
The survey by research firm Censuswide is included in an industry report on insider threats that highlights the issue of internal security as a greater challenge for larger organisations.
IT professionals are failing to look at their own internal structures seriously enough, the report said.
10 steps to beating insider threats
- Limit or prevent concurrent logins
- Limit working hours or maximum session time
- Limit users to their own computer or department
- Monitor user behaviour in real time
- Identify and respond to suspicious behaviour
- Revoke user credentials when employees leave
- Implement a security policy on network access
- Clearly document policies
- Continually remind users of the policy
- Work with other departments to manage network access
Network management under par
The report also highlighted confusion around network management capabilities, with 69% of respondents under the misapprehension that Microsoft Active Directory enables the management of concurrent logins.
“Active Directory provides basic user security, checking that credentials supplied match stored user profiles and then opening up access to resources,” said Bob Tarzey, Quocirca analyst and director.
“Authenticating those credentials is another matter; for this, organisations need to turn to stronger authentication techniques to ensure a user really is who they say they are,” he said.
The report stated that while Active Directory provides basic security, it is important to build on that with real-time monitoring and further restrictions to what users can do once authenticated.
Francois Amigorena, chief executive of IS Decisions, said it is natural to see external sources as the greatest threat.
“That coupled with the fact that insider threat is a complex issue to manage has led to IT professionals seemingly turning a blind eye to the issue,” he said.
The insider threat is most likely to be down to the misuse and poor use of IT, which in turn is often caused by inadequate policies and practices
Bob Tarzey, Quocirca
Addressing internal security weaknesses
Amigorena said the research findings and the impact of leaks by whistleblower Edward Snowden show clearly that internal security should be higher up the IT agenda.
“The reality is that it is a considerable problem, but the good news is there is a lot that IT departments can do to mitigate the risks. It is a technology issue as well as a cultural one, and can be addressed from both of these angles,” he said.
Tarzey said the day-to-day internal security threat faced by most organisations is not due to malicious behaviour.
“The insider threat is most likely to be down to the misuse and poor use of IT, which in turn is often caused by inadequate policies and practices,” he said.
A good example of this, said Tarzey, is the sharing of usernames and passwords, which exacerbates the problem because issues arising cannot be associated with individual users.
More on the insider threat
- Insider threat: Balancing security with privacy
- Major gaps in enterprise insider threat detection, study shows
- NSA failed to detect Snowden’s unsophisticated insider attack
- Analytics and the insider threat: Privileged users and patterns of deception
- South Korean data breach linked to an insider
- Risk versus hype: What is the real impact of insider security threats?
The research found that IT managers believe that around 19% of users are sharing passwords within their organisation.
“Many aspects of the insider threat can be mitigated with investment in tools that monitor and, to a certain extent, control users, for their own benefit and for that of the organisation they work for,” said Tarzey.
The report recommended that businesses implement a security policy that addresses both internal and external threats.
Organisations should be transparent about what risks the policy is mitigating. They should also ensure the policy is clearly documented and accessible, and that users are consistently reminded of its stipulations, the report said.