Survey Finds Insider Threats Keeping IT Directors Awake at Night

Secure Computing Corporation today announced the results of an IT Director survey that uncovers a rising concern of insider threats and widespread acknowledgement of being unprepared for emerging Web-based attacks.

When asked whether they believed insider or outsider threats posed a bigger problem to their organization, more than 80 percent of the 103 directors surveyed said insider threats (defined as either unintentional data leakage or deliberate data theft). Less than one in five respondents (17 percent) feel the external threats posed by hackers are more dangerous.

This could be in part due to the fact that 37 percent of respondents have experienced leakage of sensitive information in the past year. In line with this, internal security is at the top of IT Directors' shopping lists when respondents were asked to rank potential future investments that included perimeter security, staff mobility and network performance.

Additional interesting survey findings include:

• E-mail is the Enterprise Achilles Heel: E-mail is identified as the biggest current security risk to respondents' organizations (34 percent). Interestingly Voice over IP comes second (25 percent) and is deemed a bigger threat than Web surfing (browser-related threats), which only 21 percent of IT Directors feel is the biggest threat. Despite this apparent confidence, however, four in five respondents (79 percent) feel they could be better prepared for Web-borne threats

• Web 2.0 Woes: Established external threats continue to be the biggest concern in a developing Web 2.0 environment. Viruses top the list of offenders, with 31 percent of IT Directors feeling it is the biggest threat, while spam comes in second (18 percent) and data leaks a close third (14 percent).

• Hackers Not a Hindrance: When asked to rank their biggest external security concerns, hackers are surprisingly the area of least concern, with less than a quarter (22 percent) of respondents feeling they are the biggest threat. Malware appears to be the major headache, with 56 percent identifying it as their biggest worry.

• Insider Investment: The biggest budgets will be spent on strengthening internal security, with 35 percent of IT Directors identifying it as their priority planned investment. Surprisingly, considering the forecasted downturn in the economy, "IT asset management for cost savings" is the lowest priority.

• Security Climbing the Board's Agenda: IT Security is starting to be seen as a genuine business enabler -- only one in 10 respondents (11 percent) feel their board perceives it as a "necessary evil" while the remainder feel it is at least as important as any other IT project.

• Data Disclosure Drive: Over two-thirds (68 percent) of respondents believe data breach disclosure should be compulsory in the UK, as it is in the United States.

"It's fascinating to see how perceptions of the threat landscape among senior IT decision makers is evolving, with the insider threat and data leakage rivaling traditional external threats among IT Directors' primary concerns," said Kieran Lees, Regional Sales Director at Secure Computing. "It's also very encouraging to see that security is starting to be seen as a genuine business enabler rather than just a necessary evil."