Insiders are still the greatest security threat facing most organizations
Many organizations consider hacker attacks to be the most dangerous threat, but insiders cause the majority of security incidents by either malicious or accidental actions, according to a new study from Netwrix, which provides a data security and risk mitigation platform.
The research is based on a survey of 1,558 organizations worldwide, looking at the experiences organizations have had in regard to IT risks such as physical damage, intellectual property theft, data loss, data breach, system disruption, and compliance penalties.
Although more than 60 percent of the respondents think their level of visibility into internal IT is high enough, 44 percent either do not know or are unsure of what their employees are doing with sensitive data.
Not all critical security controls are reviewed regularly as required by best practices, according to the report. The most neglected controls include getting rid of older and unnecessary data and conducting data classification. These controls are exercised rarely or never by 20 percent and 14 percent of organizations, respectively.
A majority of organizations (70 percent) have done IT risk assessment at least once, but only 33 percent re-evaluate their IT risks regularly. And only 17 percent of organizations have an actionable incident response plan and 42 percent have only a draft or have no plan at all.