Nearly 90% of IT professionals believe the 'insider threat' is cultural not a tech issue; Only 1 in 10 UK companies are aware they can use a technology solution to actively manage and reduce the threat from within
(M2 PressWIRE Via Acquire Media NewsEdge) LONDON, United Kingdom - The vast majority (86%) of IT professionals consider insider threats to be a purely cultural issue, and are not aware that technology can help them address internal security issues, a research report from security software provider IS Decisions has revealed. Despite IT professionals estimating an average of 19% of employees in their organisations are sharing passwords, they are failing to look to technology to help address the problem.
The report, entitled 'The Insider Threat Security Manifesto: Beating the threat from within', suggests that many IT professionals are complacent about the issue of internal security. Among those IT professionals using Microsoft Active Directory, 55% believe that the directory service has no security loopholes, while 86% believe their user access policy is effective. This is despite the fact that Active Directory provides only basic security measures, allowing concurrent user logins and offering very limited functionality for monitoring and controlling network access.
Also highlighted in the report is the importance of compliance in relation to insider threats, with many industry regulations such as Sarbanes Oxley and PCI DSS having specific requirements with regards to the safeguarding of data from employees. However, awareness of these regulations was revealed to be low among IT professionals, with 50% of IT professionals not aware if their organisations are PCI compliant or not, for instance.
Francois Amigorena, CEO of IS Decisions commented, "It is shocking to see how limited awareness is among IT professionals of technology's power to help with internal security. The kind of granular user management required, restricting access on a user, device, and department level basis and preventing concurrent logins, is not possible using Active Directory alone, but specialist technology like IS Decisions' product UserLock can help here.
"That said, any approach to tackling insider threats must address the cultural issue too; systems must be defended with security policies and staff must understand those. The problem of relying on a policy alone is that it relies on humans, and unfortunately humans make mistakes and forget things! Again, technology can help here by use of automated warnings via the security software to the user.
Download The Insider Threat Manifesto: Beating the threat from within for more information.
About IS Decisions
IS Decisions makes it easy to safeguard and secure your Microsoft Windows and Active Directory infrastructure. With solutions for user access control, file auditing, server and desktop reporting, and remote installations, IS Decisions combines the powerful security today's business world mandates with the innovative simplicity the modern user expects. Over 3,000 customers around the world rely on IS Decisions to prevent security breaches; ensure compliance with major regulations, such as SOX, FISMA and HIPAA; quickly respond to IT emergencies; and gain time and cost-savings for IT.
IS Decisions is a Microsoft Silver Partner based in Biarritz, France. Customers include American Express, BAE Systems, BMW, Computer Sciences Corporation, FBI, Frito-Lay, GlaxoSmithKline, IBM, Lockheed Martin, Mitsubishi, Oxford University, South Wales Police, TimeWarner, United Nations Organization, US Department of Justice, US Department of Veterans Affairs and US Navy Marine Corps.
Ian McKee / Vicki Eltis
+ 44 208 408 8000+ 44 208 408 8000Call
Add to Skype
You'll need Skype CreditFree via Skype
(c) 2014 M2 COMMUNICATIONS
[ InfoTech Spotlight's Homepage ]