Study: IT Execs Worried About Insider Threat
Annual Amplitude/VanDyke survey also shows that attackers are targeting SMBs more frequently
Insider activity is the cause of a growing number of network intrusions, according to a study published Tuesday.
The study of IT managers and network administrators, which has been conducted annually by Amplitude Research on behalf of VanDyke Software, shows a growing concern about insider threats, particularly unauthorized access by current and former employees.
More Security Insights
- Forrester Study: The Total Economic Impact of VMware View
- Securing Executives and Highly Sensitive Documents of Corporations Globally
- SaaS and E-Discovery: Navigating Complex Waters
- SaaS 2011: Adoption Soars, Yet Deployment Concerns Linger
Of the many reasons cited for network intrusions, more than half could be attributed to internal issues: lack of adequate security policies (17 percent); employee negligence (12 percent); unauthorized access by current or future employees (11 percent); employee Web usage (6 percent); and lack of software updates (6 percent). Concerns about unauthorized access nearly doubled from last year's study.
Hacker/network attacks accounted for only 14 percent of intrusions; viruses, malware, and spyware were 10 percent.
Small and midsize businesses (SMBs) also are becoming more frequent targets of attacks, according to the study. Half of the SMBs in the 2011 survey said they have experienced an intrusion of their user machines, office network, and/or servers, versus 36 percent in 2005. There was a significant decline among large companies reporting a successful intrusion -- from 67 percent in 2010 to 49 percent in 2011. In the previous year's study, a significant increase of intrusions among large companies was reported, jumping from 41 percent in 2009 to 67 percent in 2010.
Outsourcing continues to be a major strategy for many corporations, but IT pros are split as to whether outsourcing creates security issues. Thirty-six percent said outsourcing has had a positive impact on their organizations' network security; another 36 percent said it has had a negative impact. Twenty-eight percent felt there was no impact.
"Many of those who felt there was a negative impact described a feeling of uncertainty or concern about the potential network security risk involved in outsourcing technology jobs offshore," said Steve Birnkrant, CEO of Amplitude Research. "In contrast, many of those who felt there was a positive impact explained that outsourcing technology jobs offshore has worked well for their organization and/or there were cost savings."
Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.