The biggest threat to your company's cybersecurity isn't malware, phishing scams or even hackers — it's you. In a series of studies published last week, three security research firms asked employees at midsize businesses across America about the biggest threats to corporate cybersecurity. And while the surveys each pointed to slightly different culprits, the verdict was clear: employees are the weakest link in the security chain.
The largest of the three studies — a Stroz Friedberg online survey of more than 700 information workers — found that senior management may be the biggest threat to an organization's digital well-being. Fifty-eight percent of senior managers reported having (digitally) sent sensitive information to the wrong person. Compare that with just 25 percent of lower-level employees guilty of the same misstep. And more than half of all senior managers in the study admitted to taking files with them after they left a job. Only 25 percent of rank-and-file employees were found to have done the same.
The Stroz Friedberg study also found that 9 in 10 senior managers admitted to uploading work files to personal email and cloud-based accounts, a faux pas that could lead to intellectual property theft and attacks on corporate networks.
In a second study by Osterman Research, 160 security professionals were asked about the biggest cyberthreats facing their companies. Seventy-four percent of respondents said that malware had posed a significant threat to their networks in the past year, while 64 percent said the same for email scams.
And who did these security experts blame for such high rates of vulnerabilities? Workers themselves. Fifty-eight percent of respondents said that malware unknowingly downloaded by Web-surfing employees posed the biggest threat to corporate security. Fifty-six percent thought that the malware and phishing schemes rampant in personal webmail accounts were an even bigger threat to companies.
Much like the Stroz Friedberg study, which noted that lax Bring-Your-Own-Device (BYOD) policies were weakening corporate security, the Osterman study also found that BYOD policies were to blame for an increase in network vulnerabilities. Forty-six percent of security professionals questioned in the Osterman study said they no longer even try to manage the safe use of personal devices in the workplace.
A third survey published last week — this one a SecureData survey of more than 100 IT professionals at midsize companies — also found that clear security management strategies for employees were lacking within their organizations. And 60 percent of the IT staffers surveyed listed employee carelessness as the biggest threat to a company's cybersecurity.
The studies were compiled in a blog post by security provider Sophos.