Can multitasking turn you into an insider threat?
Employee Negligence Poses the Biggest Threat to Company Security in both the U.S. and Germany.
The term "insider threat" is used liberally to describe the potential for attacks that either originate or receive cooperation from sources within an organization. The government and law enforcement communities typically view this type of threat as malicious insider activity perpetrated for some sort of financial or political gain.
However, if you simplify the concept of the insider threat to only malicious activity, you may be glossing over a serious and growing problem that could be inside your office right now. While malicious activity certainly exists, vulnerabilities are being created and exploited daily by a completely different insider threat — the negligent employee.
According to the recent Raytheon|Websense-commissioned Ponemon Institute survey, "The Unintentional Insider Risk in United States and German Organizations ," employees are the biggest threat to company security in both the U.S. and Germany, and more security incidents are caused by unintentional mistakes than intentional and/or malicious acts (U.S. – 70 percent; Germany – 64 percent).
In fact, employee negligence sometimes caused by multitasking and working long hours, is an insider threat that can cost companies millions of dollars each year, and IT security practitioners are spending an average of almost three hours each day dealing with the security risks caused by it.
Germany is on the cutting edge of deploying security technology and enforcing security policies and both the U.S. and Germany are committed to mitigating insider risks. However, there are very clear cultural differences between how organizations within these countries address this challenge. Both understand that employee behaviors and company protocols impact insider threats. But when it comes to actually reducing unintentional insider risk, German organizations focus on the company's role. They are more likely to limit the practices that can lead to unintentional risks (55 percent), while U.S. companies focus on the individuals and prefer to monitor behaviors (63 percent).
It's no surprise that the increasing popularity of personal devices in the workplace makes the insider threat situation more complicated. Most organizations, in turn, have responded with stringent Bring Your Own Device (BYOD) security protocols. But, organizations need to take a closer look at the other factors in play, ones that are usually valued, and sometimes encouraged, in the U.S. – multitasking and working long hours.
To combat employee negligence, U.S. and German organizations are adding educational options to their arsenal, and implementing a mixture of training, policies and technology to address insider threats and negligence before they can cause major issues. Depending on the infraction or pattern of behavior, security teams can determine whether or not activities represent malicious intent, are a result of failed security protocols or are a byproduct of an uninformed user. Once that determination is made, steps can be taken to remedy it.