When it comes to security, employees are every organization's weak link—but the IT department in particular may be putting their company most at risk, according to a new report from Balabit.
Some 35% of IT professionals said they see themselves as the biggest internal security risk to their organizations' networks, the report found.
Departments like HR and finance are often the easiest targets for social engineering and phishing attacks, the report noted. But many IT staffers still consider themselves the biggest risk, whether incidents occur accidentally or intentionally. This is largely due to the fact that IT staff often possess higher access rights than those in other departments, including access to business-critical data through the IT systems they manage and control, making them a prime target for cyber criminals, the report noted.
SEE: Security awareness and training policy (Tech Pro Research)
The survey included responses from 222 IT executives, security professionals, auditors, CIOs, and CISOs.
When asked about security analytics, 47% of IT professionals surveyed said the time and location of login was the most important user data for spotting malicious activity. Using corporate devices (41%) and biometrics identification characteristics such as keystroke analytics (31%) were also considered.
In terms of security technology plans, nearly one-fifth of security professionals said they plan to use analytics to track privileged user behavior in the next year, regardless of budget, the report found.
Sysadmins were considered the largest threat within the privileged user network by 42% of IT workers surveyed. These professionals were followed by C-suite executives, named by 16% of respondents. While executives do not typically possess high-level IT skills, their credentials are worth more to hackers than any other group in an organization, the report noted.
"Privileged user accounts are perfect targets for intruders and therefore pose the highest risk," Csaba Krasznay, security evangelist at Balabit, said in a press release. "IT security professional need to quickly detect any suspicious or abnormal activities in order to prevent data breaches."
SEE: Cybersecurity in an IoT and mobile world (free PDF) (ZDNet/TechRepublic special report)
Personal employee data was named the most valuable asset for hackers by 56% of respondents, as it can easily be sold, followed by customer data (50%), and financial information (46%).
"As attacks become more sophisticated, targeted attacks and APTs more commonly involve privileged users inside organizations - often via hacks involving stolen credentials," Krasznay said in the release. "Today, IT Security professionals' tough job has become even tougher. It is not enough to keep the bad guys out; security teams must continuously monitor what their own users are doing with their access rights."
For tips on how to educate all employees to avoid cyberattacks, click here.
Want to use this data in your next business presentation? Feel free to copy and paste these top takeaways into your next slideshow.
- 35% of IT professionals said they see themselves as the biggest internal security risk to their organizations' networks. -Balabit, 2017
- Sysadmins and C-suite executives were named the largest threats within the privileged user network. -Balabit, 2017
- Personal employee data was named the most valuable asset for hackers by 56% of respondents, followed by customer data (50%), and financial information (46%). -Balabit, 2017
- Why traveling CEOs and coffee shops are your company's greatest security risks (TechRepublic)
- Report: 26% of ransomware attacks target business users (TechRepublic)
- Shipping firm warns that hackers may leak confidential information (ZDNet)
- Why SMBs are at high risk for ransomware attacks, and how they can protect themselves (TechRepublic)
- Information security incident reporting policy (Tech Pro Research)
Alison DeNisco Rayome has nothing to disclose. She does not hold investments in the technology companies she covers.
Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.