Most chief security officers are misdirecting their focus on malicious insider security incidents when the majority of insider threats are committed accidentally by staff and trusted third parties, according to new research commissioned by RSA Security.

Analyst firm IDC interviewed around 400 IT decision makers globally for the survey, and found that the majority were unsure of the sources of internal risk and struggled to quantify the impact in financial and business terms.

Just over half thought that most insider threats were accidental, compared to 19 percent who believed them to be deliberate. However, 82 percent were unable to specify whether incidents arising from contractors and temporary staff were accidental or not.

Many respondents said that threats such as the spread of malware from within the enterprise were a major concern, but the largest number of incidents came from unintentional data loss through employee negligence, while the incidents that had the most impact involved out-of-date privileges and inappropriate access rights.

Chris Young, senior vice president at RSA, argued that to mitigate the risks of insider threats, especially those which might have been caused with no malicious intent, organisations must take a risk-based approach to information security.

"Companies need to take an information risk approach and not an infrastructure protection approach. This requires enterprise-wide policies on protecting information and categorising risk," he said.

"The chief security officer needs to make sure that only the right people have access to the right information, although there is always a balance between security and convenience."

Young also stressed the importance of coupling this strategy with comprehensive education and awareness-raising programs so that "security is everyone's job".