Corporate network misuse seen as top security threat

The majority of organisations see employee misuse of the corporate network as the biggest security threat they face, a new survey has revealed.

The threat from within an organisation led in the league table of potential sources of a data breach for 41 per cent of the 250 IT directors and board-level decision makers questioned by LSI, a storage and networking technology provider.

Traditional hacking attacks from outside an organisation's firewall were considered the second biggest threat, with 21 per cent of respondents.

And the widening of network perimeters was seen as the third biggest threat (15 per cent), followed by terrorist threats and a lack of encryption in data centres.

With internal network security firmly the focus of the survey respondents, it also emerged that cost was the most common reason why organisations were not investing in this critical area of their IT defences.

But recent events have shown the disgruntled or careless employee is in the best position to breach data security.

Earlier this month, a system administrator working for the city of San Francisco was arrested for allegedly locking the authority out of its brand new fibre (wide area network) WAN, which stores around 60 per cent of its data after a run-in with the city's head of security. He reportedly set a master password giving him exclusive access to the network, preventing administrators from accessing routers and switches.

A statement issued at the time by San Francisco District Attorney Kamala Harris also said the administrator, Terry Childs had "set up devices to gain unauthorised access to the system".

Whether malicious or unintentional John Bromhead, LSI product marketing manager said the survey figures showed that staff education and IT investment are key when it comes to security.

And the effects of lax internal security have been felt in the UK too. The data breach that lost data on 25 million UK citizens on an unencrypted Department of Work and Pensions disk late last year was just one of a catalogue of public and private sector breaches that have highlighted the dangers of lax internal IT security practices. As a result, civil servants are now being given special data security training.

Miya Knights

A 25-year veteran enterprise technology expert, Miya Knights applies her deep understanding of technology gained through her journalism career to both her role as a consultant and as director at Retail Technology Magazine, which she helped shape over the past 17 years. Miya was educated at Oxford University, earning a master’s degree in English.

Her role as a journalist has seen her write for many of the leading technology publishers in the UK such as ITPro, TechWeekEurope, CIO UK, Computer Weekly, and also a number of national newspapers including The Times, Independent, and Financial Times.