Network Computing is part of the Informa Tech Division of Informa PLC
What Keeps Security Pros Awake at Night?
Security professionals worry about threats from outside attackers, but it's the danger from within the company that really keeps them awake at night.
That's a key takeaway from our most recent InformationWeek Analytics/DarkReading.com survey, in which 52% of more than 400 respondents say they're most concerned about internal risks, including both accidental and malicious data compromises by employees or business partners during the course of their day-to-day activities.
It's hard to say whether these fears are driven by a real increase in internal security incidents or by sensationalized media coverage of public reports of internal breaches, spurred by recently instituted mandatory disclosure laws. What we do know is that the relative lack of defenses available for stopping internal attacks is a factor. There are, sadly, few proven methods to stop an employee with a strong will, an ax to grind, and a privileged password.
When asked about the most potentially dangerous individual events that could occur in their organizations, 35% cite another insider-related mishap: the loss or theft of a laptop or portable storage device. Again, this likely reflects recent media coverage of corporate security breaches, in which large amounts of personal data have been lost unintentionally, causing black eyes for the companies involved. Costs for identity-theft protection can pale next to damage to their brands and a loss of customer trust.
In the end, then, what one change would make our lives better--and the company's data safer? The No. 1 wish, by a slim margin, is for "smarter end users who understand security risks." Good luck with that. The No. 2 wish is for more automated security technology that would allow us to do less firefighting and focus more on strategic issues and emerging threats.