© 2019 SourceMedia. All rights reserved.

Insiders are still the greatest security threat facing most organizations

Many organizations consider hacker attacks to be the most dangerous threat, but insiders cause the majority of security incidents by either malicious or accidental actions, according to a new study from Netwrix, which provides a data security and risk mitigation platform.

The research is based on a survey of 1,558 organizations worldwide, looking at the experiences organizations have had in regard to IT risks such as physical damage, intellectual property theft, data loss, data breach, system disruption, and compliance penalties.

Although more than 60 percent of the respondents think their level of visibility into internal IT is high enough, 44 percent either do not know or are unsure of what their employees are doing with sensitive data.

insider threat 20.jpg
A stream of binary coding, text or computer processor instructions, is seen displayed on a laptop computer screen as a man works to enter data on the computer keyboard in this arranged photograph in London, U.K., on Wednesday, Dec. 23, 2015. The U.K.s biggest banks fear cyber attacks more than regulation, faltering economic growth and other potential risks, and are concerned that a hack could be so catastrophic that it could lead to a state rescue, according to a survey. Photographer: Chris Ratcliffe/Bloomberg

Not all critical security controls are reviewed regularly as required by best practices, according to the report. The most neglected controls include getting rid of older and unnecessary data and conducting data classification. These controls are exercised rarely or never by 20 percent and 14 percent of organizations, respectively.

A majority of organizations (70 percent) have done IT risk assessment at least once, but only 33 percent re-evaluate their IT risks regularly. And only 17 percent of organizations have an actionable incident response plan and 42 percent have only a draft or have no plan at all.

For reprint and licensing requests for this article, click here.