Why 91% of IT and security pros fear insider threats

Insider threats are a larger concern for most organizations than cybercriminals or hacktivists, according to a BetterCloud report.

Reduce insider threats by taking these simple steps Contrary to popular belief, most big hacks come from the inside. Prevent the worst by implementing these strategies.

The biggest security threat to your business likely isn't a cybercriminal or hacktivist, but someone already in your organization, according to a Wednesday report from BetterCloud. The vast majority (91%) of the 500 IT and security professionals surveyed said they feel vulnerable to insider threats, whether their acts are malicious or accidental.

Some 62% of professionals said they believe the largest insider security threat comes from well-meaning but negligent end users, the report found, as opposed to those who intentionally cause harm (21%) or those who are exploited by outsiders through compromised credentials (17%).

SEE: IT leader's guide to reducing insider security threats (Tech Pro Research)

More than half (53%) of respondents said they felt the employees who were most likely to be a threat were those who have left or were planning to leave the company, or contractors whose contract had ended, according to the report.

Three-fourths (75%) of respondents said they believe the biggests insider security risks lie in cloud applications, including popular file storage and email solutions like Google Drive and Dropbox.

"The rise of SaaS in the digital workplace has made companies more vulnerable than ever to insider threats," David Politis, founder and CEO of BetterCloud, said in a press release. This is due to taking control over data with SaaS applications from IT teams to end users, as well as the increasing complexity of the SaaS application infrastructure, Politis added.

Indeed, 46% of IT leaders surveyed said they believe the rise of SaaS applications has made them more vulnerable, the report found. And 40% said they believe they are most vulnerable to exposure of confidential business information, including financial data and customer lists.

Of the C-level executives surveyed, just 26% said they have invested enough to mitigate the risk of insider threats, versus 44% of IT managers, the report found.

For more information on combating insider security threats, check out this free TechRepublic PDF.

Also see

istock-688005290.jpg
Image: iStockphoto/yacobchuk

By Alison DeNisco Rayome

Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.