Finance and Human Resources (HR) departments are thought to represent the biggest information security threat to organizations. The male, office-based middle managers in the finance department are viewed as most likely to present an internal security threat, accidental or malicious, by their employers.
These findings were revealed in research by Clearswift, a global cyber security innovator and data loss prevention provider.
“Senior managers are generally in tune with the consequences of data loss, while junior people often don’t have access to the kind of data that can cause disasters,” said Heath Davies, chief executive officer, Clearswift.
Davies added: “Middle aged, middle managers are in between – having access to the data, but no obvious stake in the consequences of losing it. They are also more likely to be under time and financial pressure, and so may be more inclined to take risks. This makes them more likely to make mistakes or even succumb to foul play.”
These concerns relate to the potential for mistakes made by employees within Finance and HR, such as accidentally sending personal (salaries, social security numbers, bank accounts, etc.) or proprietary (contracts, customer details, etc.) information to the wrong person(s), as well as inadvertently installing malware similar to that behind countless headline-making data breaches, including last year’s eBay attack, which exposed millions of customer passwords.
This perceived risk could be because these departments have access to very sensitive data. However, the results suggest cultural factors also make people in these departments a higher risk since Legal and Compliance, which have access to equally sensitive data, were considered a much lower risk (only 19 percent of respondents expressed security concerns).
The statistical findings as per the survey reveal:
The data above was drawn from polling over 500 information technology decision makers and 4000 employees. The research was conducted by technology research firm Loudhouse on behalf of Clearswift.
“Despite all the security worries about people working out of the office on whatever devices they want, those in the office actually have easier access to sensitive data, so are more likely to lose it,” explains Davies.
“We’re not proposing targeting individuals, but if you can understand the combination of factors that make certain people in certain roles more of a risk, you can focus your resources on ensuring those breaches don’t happen. For example, you could provide tailored security training or put in more sophisticated layers of security around particular segments of the business. Cyber security is a constant balancing act between maintaining security and the freedom to collaborate.”
We live in a complex, changing world and threats will be different in different parts of the organization. With detailed understanding of the true nature of the threats from inside their own organizations, and adaptive security technology, companies are in a much better position to identify the challenges and deploy the right solutions in the right places.