Today's News

Survey: Insider carelessness cause of most security threats (12/11)

December 11, 2007
/ Print / Reprints /
ShareMore
/ Text Size+

A new survey indicates that the biggest workplace cyber threats are often unintentional, resulting from carelessness or ignorance from individuals within the organization or company.

"The plain fact of the matter is, a simple thing that we might not be aware of can expose risk," said Sam Curry, vice president of product management and marketing at Bedford, Mass.-based RSA, the security division of EMC Corp. that released the survey Monday. "In some cases, the bad guys are looking for those. There are certain social human behaviors that the bad guy can watch for and exploit."

The "person on the street" survey, conducted in November, anonymously polled government and enterprise workers in Boston and Washington D.C. in an effort to assess everyday behavior that had the potential to compromise security and put sensitive information at risk. While seemingly harmless or well-intended, these behaviors can subsequently initiate data exposure of extraordinary proportions, resulting in enormous financial loss.

"The real assets are data assets. It's all about information. Really what we've got to do is minimize risk around information," said Curry. "The bad guys are into fraud. They're very well funded, and they are extremely motivated to make money. You can reduce a lot of risk by taking away the innocent mistakes."

Some of these innocent mistakes are committed by individuals who circumvent security regulations just to get their jobs done. While the survey found that most companies provide training on security best practices, about 35 percent of respondents felt that they needed to work around their company's established security policies just to complete their job-related duties. In addition, 63 percent of respondents said that they frequently or sometimes sent work documents to their personal email address so they could complete their tasks at home, and more than half said that they have accessed their work email from a public computer.

Changing insider roles also played a large part in compromising security. An overwhelming majority — 72 percent — reported that their company or organization employs temporary workers or contractors who require access to sensitive information and systems. Almost a quarter of respondents polled said they stumbled into an area of their corporate network to which they should not have had access, and 33 percent said they still had access to old accounts or resources after switching jobs internally.

At other times, trusting workers literally hold the door wide open for perpetrators. More than a third of respondents said they have opened a secured door for someone they didn't recognize at work, while 40 percent of workers said that someone else they didn't know let them into their building after they had forgotten their access card or key. And of the two-thirds of respondents that said their company provides a wireless network, 19 percent said that access was completely open, with no login credentials required.

Did you enjoy this article? Click here to subscribe to ISHN.

You must login or register in order to post a comment.

STAY CONNECTED

Facebook logo Twitter YouTubeLinkedIn

Multimedia

Videos

Image Galleries

ASSE's Safety 2013 Review

A photo gallery from the Las Vegas Convention Center, where ASSE’s annual professional development conference was held June 24 to 27. All photos courtesy of the American Society of Safety Engineers.

THE MAGAZINE

ISHN Magazine

ishn april 2014 issue cover

2014 April

In this month's issue of ISHN, check out features about safety in the oil and gas industry.

Table Of Contents Subscribe

THE ISHN STORE

M:\General Shared\__AEC Store Katie Z\AEC Store\Images\ISHN\safetyfourth.jpg
Safety Engineering, 4th Edition

A practical, solutions-driven reference, Safety Engineering, 4th edition, has been completely revised and updated to reflect many of today’s issues in safety.

More Products

For Distributors Only - January 2014

ISHN0114_FDO_cov.jpgFor Distributors Only is ISHN's niche brand standard-sized magazine supplement aimed at an audience of 2,000 U.S. distributors that sell safety products. Circulation only goes to distributors. CHECK OUT THEJANUAYR 2014 ISSUE OF FDO HERE

ishn infographics

2012 US workplace deathsCheck out ISHN's new Infographic page! Learn more about worker safety through these interactive images. CLICK HERE to view the page.