The revelation comes from information security company Clearswift, which is headquartered in the UK but has offices in Germany, Japan, the US, and Australia.
Businesses need to be vigilant for the ‘enemy within’ according to CEO Heath Davies, who said employee ignorance and a general lack of security awareness were to blame for the majority of security breaches.
Clearswift conducted an extensive review into security threats facing businesses, commissioning research firm Loudhouse in a bid to “identify the extent to which internal security threats are affecting Australian businesses and how best to manage them moving forward.”
The research findings showed that, although security strategies are driven by the need to protect against external threats, businesses are more likely to encounter breaches within their own extended enterprise. However, rather than being the result of any malicious intent, such breaches emerge from a lack of awareness and understanding by employees who mix their own way of working with a system underprepared for it.
The findings showed that when looking at managing new technologies such as BYOD, 42% of Australian businesses (of various sizes and across various industries) said they are positively accepting it and looking to proactively manage it wherever possible, while 36% are “resisting it or looking to block access wherever possible”, with a further 11% in denial that such a trend is occurring.
Clearswift said, however, that the reality for businesses is that, whether they accept or reject such trends, employees will continue to embrace their own devices irrespective of what the company line is. 61% believe that users will continue to use their own devices on the network whether it is sanctioned or not, effectively meaning employees may take the use of their devices ‘underground’.
With no visibility of what is going on, businesses will be unable to regulate the use of data in their business, meaning threats and breaches will escalate as employees, unaware of the dangers, share and manage the use of data unsafely.
Employees are most likely to be seen as the source of data security breaches (44%), whilst 20% say ex-employees are a source and 21% say customers, partners or suppliers. 42% see parties outside or unknown to the organisation as a source of security breaches, while inadvertent human error (85%), lack of awareness of IT security issues (83%) and introduction of viruses via personal devices (80%) are the key internal security concerns.
Clearswift offers a few enterprise-ready options to deal with internal security. One, the Clearswift SECURE Email Gateway, is suited for anywhere between 50 and 150,000+ users and monitors both incoming and outgoing emails in a bid to mitigate spam, neutralise viruses and prevent data leaks. Another, the Clearswift SECURE Web Gateway, uses intelligent web security and web filtering techniques to keep unwanted content from entering the business network.
The software uses adaptive redaction, a process unique to Clearswift that involves removing key data to prevent it from being read. Clearswift says its Gateways can automatically remove sensitive information, such as metadata and revision history, for "maximum protection". What is removed and when will depend upon the recipient and company policies, hence 'adaptive'.
“Businesses’ attitude towards data security is becoming outdated,” the 'Enemy Within' whitepaper says.
“Data security policies are primarily driven by a need to protect threats from outside the business and to comply with regulation. Whilst this is justified, companies must give an equal weight to the emerging threat to their business, the “enemy within”.
“The rise in the use of personal devices and applications in the workplace, combined with an ever growing ‘extended enterprise’, presents a complicated challenge for decision makers. More and more breaches appear to be occurring within the company’s own territory. Indeed, businesses acknowledge that security breaches are more likely to come from their own employees, rather than from people outside the organisation.”
For more information on Clearswift check out its website.