[BreachExchange] Managing insider cybersecurity risk: 5 key findings

Audrey McNeil audrey at riskbasedsecurity.com
Tue May 24 20:06:53 EDT 2016 

http://www.beckershospitalreview.com/healthcare-information-technology/managing-insider-cybersecurity-risk-5-key-findings.html

There appears to be a disconnect between organizations' recognized threat
risks and organizations' actions to mitigate those risks. While 66 percent
of organizations say employees are the weakest link in cybersecurity
defenses and 60 percent say employees are not knowledgeable about security
risks, just 35 percent believe it is a priority for employees to be
knowledgeable about those risks, according to a recent survey from Ponemon
Institute.

The survey collected responses from more than 600 individuals at companies
that have a data protection and privacy program. Here are five key findings
from the survey.

1. Fifty-five percent of respondents identified a security incident or data
breach due to employee negligence or a malicious attack by an employee.

2. The No. 1 security concern among respondents is employees inadvertently
exposing sensitive or confidential information.

3. The types of employee behaviors respondents most fear include unleashing
malware from an insecure website or mobile device (70 percent), violating
access rights like using someone else's login credentials (60 percent),
using an unapproved mobile device in the workplace (55 percent), accessing
company applications from an insecure public network (49 percent) and
succumbing to a phishing attack (47 percent), among others. (Respondents
were permitted to select more than one choice.)

4. When asked why it is difficult to reduce the risk of data breaches due
to negligent or malicious employees, 70 percent of respondents said they
lack in-house expertise, and 55 percent of respondents said they lack
leadership or ownership of the issue. Additionally, half of respondents
said there are organizational silos to reducing data breach risk, and 47
percent said their budget is too small. Respondents were permitted to
select more than one choice.

5. Less than half of respondents (49 percent) said senior management
believes a strong security posture is part of the corporate culture.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160524/744cfab5/attachment.html>

More information about the BreachExchange mailing list