SecureData, the complete security service provider, has revealed that 60% of IT professionals view employee carelessness as the biggest risk to an organisation’s security, well above the usual suspects like data theft (13%), external malware (10%) or technology failure (7%).
The findings are based on responses from 110 IT professionals, half of whom are in major organisations with over 5,000 employees. While 40% of respondents viewed Operations teams as the greatest risk to security, Finance teams were also seen as a significant worry (13%). Interestingly, at a time when cloud security is being hotly debated, no one cited this as a primary security concern.
While IT professionals have been quick to spot the risks posed by non security conscious employees, agreement on how to tackle the challenge is less certain. 40% of respondents felt that educating employees was the most important step to improving security, but 25% added that implementing a clear security management policy was their weakest area. Meanwhile, almost half (44%) of those questioned said that the ultimate responsibility for security decision-making is left in the hands of more junior IT managers, rather than C-level staff (44%) or department heads (12%).
Commenting on the findings, SecureData’s CEO Etienne Greeff said: “There’s a huge opportunity here for organisations to tighten security simply by better educating their staff. Don’t leap to technical answers and complex solutions. This is not about budget-busting new technologies, but going back to basics: plan and deliver a simple, straightforward security policy that employees can easily follow.”
50% of respondents see a holistic approach to security as crucial to meeting the security challenge, with 36% stating that detecting threats quickly is the weakest area of their current approach.
Greeff concludes: “It’s encouraging to see so many recognising the importance of a holistic approach to security. Assessing risk, detecting threats earlier, protecting valuable assets and responding quickly when there is a breach will help restore trust in colleagues across an organisation. But this leadership must come from the top, with the C-level stepping up to tackle the security knowledge gap in their organisations.”