IT staff often see themselves as top internal data security risk
More than one third of IT professionals—35 percent—see themselves as the biggest internal security risk to networks within their organization, according to new research from Balabit, a provider of privileged access management and log management products.
IT professionals are still struggling to safeguard IT assets against the unpredictability of human behavior, the study said. While human resources and finance departments are the easiest target for social engineering, IT staff pose the biggest insider risk to networks, whether a result of accidental or intentional actions.
This is largely because IT staff often possess more expansive access rights than other users, the report said. This includes access to business-critical data through the IT systems they manage and control. This wide range of access makes them a prime target for cyber criminals, researchers concluded from the survey results.
Balabit surveyed 222 attendees at the Forum International de la Cybersécurité in France, RSA Conference, Infosecurity Europe London, and IDC Security Roadshows in CEE earlier this year. Those surveyed included IT executives and security professionals, auditors, CIOs and CISOs.
From a security analytics perspective, 47 percent of IT professionals considered the time and location of login the most important user information for spotting malicious activity. This was closely followed by private activities using corporate devices (41 percent) and biometrics identification characteristics, such as keystroke analytics (31 percent).
IT professionals are recognizing the importance of capabilities that can detect the growing threat from insiders and compromised privileged accounts, the report noted.