New research from Clearswift highlights that Finance and HR departments, and the people working in them, represent the biggest information security threat to business.
Nearly half, 48%, of the 500 global security professionals surveyed said finance departments posed a potential security threat, and 42% said the same of HR (40% and 48% respectively for UK respondents).
These concerns relate to the potential for employees in these departments to make mistakes, such as sending salary or customer details to the wrong people or inadvertently installing malware, or for employees or contractors to deliberately steal data, as we recently saw with the Ashley Madison hack.
This is partly because these departments have the greatest access to sensitive data. However, the results suggest cultural factors also make people in these departments a higher risk. Legal and Compliance, which have access to equally sensitive data, were considered a much lower risk (only 16% expressed security concerns).
The research also shows mid-career professionals were a higher risk. 37% of respondents said middle management represented the biggest threat, compared with 19% for senior management and 12% for executives/admins. This is perhaps because senior managers are generally in tune with the consequences of data loss, whilst junior people often don’t have access to the kind of data that can cause disasters.
Middle-aged middle managers are ‘in between’: they have access to the data, but no obvious stake in the consequences of losing it. They are also more likely to be under time and financial pressure, and so may be more inclined to take risks. This leaves them liable to make mistakes or even succumb to foul play.
An overwhelming 79% said men were more of a worry than women. This perhaps suggests women are perceived as more cautious; however, it could also imply that men are perceived to be more likely to be involved with handling sensitive data.
67% said those working on site were more of a risk than those working remotely. Despite the perceived security worries about people working out of the office on whatever devices they want, those in the office actually have easier access to sensitive data, so are more likely to lose it.
Data breaches are most likely to come from inside the business. 88% of companies questioned had experienced a security incident in the last 12 months, of which 73% were from people they knew: employees, past employees or customers/suppliers.
Overall, security professionals estimated 53% of the workforce is in a position where they might cause an accidental security breach, whilst 5% are seen as having the potential to cause a malicious one.
This information is useful in formulating your approach to data loss prevention. Of course, we're not proposing targeting individuals, but if you can understand the combination of factors that make certain people in certain roles more of a risk, you can focus your resources on ensuring those breaches don't happen.
Cyber security has a constantly changing field of play, balancing security with the freedom to collaborate. We live in a complex, changing world and threats will be different in different parts of the organisation. By pairing detailed knowledge and understanding with adaptive security technology, you can create a win-win security game-plan to help you combat insider threats: locking down your sensitive data while keeping business moving.
By Heath Davies, Chief Executive