Insiders pose the biggest threat to data security, according to a new report published today.
The research, based on a poll of 3,596 IT professionals in the US, UK, France and Germany carried out by the Ponemon Institute, found data breaches by hackers ranked a distant fifth in terms of security threats.
Negligence on the part of insiders was seen by far and away as the most dangerous, where US respondents said 75 percent of all breaches were the fault of insiders compared to hackers, who were responsible for just one per cent. The UK came in a close second with 63 per cent of breaches blamed on those from inside the organisation.
Overall, 63 per cent of respondent said their organisations suffered data breaches caused by negligent insiders and 37 per cent had been caused by malicious insiders.
More than half (55 per cent) of UK IT practitioners reported that their organisation had experienced one or more data breaches involving the loss or theft of information about individuals such as consumer data, customer information, employee records.
But it was when looking at where data breaches occurred that the study uncovered some concerning statistics. It found that 41 per cent of all data breaches occurred in a mainframe environment, as opposed to the removable and mobile media so many of the data breaches that come to public attention are attributed to.
The study said this was most worrying because more than 80 per cent of the world's corporate and governmental data resides on mainframes according to the Computer and Communications Industry Association (CCIA), .
Atul Bhovan, senior technical consultant at the research sponsor, Compuware told IT PRO that the deterrent just isn't there to stop people waking out of the building with sensitive and confidential data.
"Monitoring is critical as it will provide often absent visibility of who is accessing data and what they are doing with it and serve as an important deterrent against unauthorised data removal or carelessness," he said.
Bhovan added that the biggest enemy in data security is complacency, where all offline data should be encrypted, for instance, but is not. "Many companies lack the experience and guidance to implement a full-proof technology solution to combat data loss," he said. "Companies need to look at how security solutions can be used within their own business to protect information."
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.
A 25-year veteran enterprise technology expert, Miya Knights applies her deep understanding of technology gained through her journalism career to both her role as a consultant and as director at Retail Technology Magazine, which she helped shape over the past 17 years. Miya was educated at Oxford University, earning a master’s degree in English.
Her role as a journalist has seen her write for many of the leading technology publishers in the UK such as ITPro, TechWeekEurope, CIO UK, Computer Weekly, and also a number of national newspapers including The Times, Independent, and Financial Times.