What’s the most common security threat for an organization?

IT professionals believe their organizations aren’t doing enough to protect critical data and systems, according to Sungard Availability Services.

What is triggering this belief? Poor employee security behavior – such as bad password “hygiene” and overall security awareness – and the need for greater cloud security rise to the top of the list. These two diverse concerns tell us one glaring fact: security is a threat from all angles, even if unintentional.

One misconception when it comes to organization security is that threats typically come from outside an organization. The truth is, many security breaches originate from within the walls of a business and are driven by ignorance.

IT professionals point blame on their colleagues for one of the biggest threats to their organization’s overall security. Nearly two-thirds (62%) of survey respondents ranked leaving laptops and mobile phones in vulnerable places as their organization’s most common security threat, followed by employee password sharing (51%).

Concerning password hygiene, respondents say the most important components to a password’s health relate to avoiding adjacent keyboard combinations – such as “qwerty” – and to changing passwords often and using a password just once.

The importance of stringent security plans in all areas of an organization – from employee personal devices to cloud platforms – is vital in today’s “always-on” world where security threats change daily. In this environment, internal penetration testing, where an ethical hacker attempts to gain access to a company’s systems, can be one way of ensuring IT security and resiliency.

Concerning the health of an organization’s IT infrastructure, three-out-of-four (76%) IT professionals believe their organizations could do more to improve cloud security. More than half (54%) of respondents say security is the most critical factor for companies to consider when making the decision to move to the cloud. Yet, it’s also the most overlooked.

“Too often, IT managers fail to ask cloud providers the targeted security questions that will help them create a strong cloud transformation plan and a sustainable security plan after go-live,” maintains Matt Goche, director, Security Consulting at Sungard AS. “Our data reveals a disconnect. People know cloud security is important but aren’t taking the necessary precautions to safeguard their organization’s resiliency.”

The surveyed IT professionals recognize this disconnect and agree there needs to be an increased emphasis placed on security in the cloud. The majority of respondents identified security as the one factor given insufficient attention when making the decision to move to the cloud, followed by vendor support and cloud-based disaster recovery.

“The writing is on the wall. IT professionals – beyond those who focus solely on security – are worried about internal and external threats that could put their organization in a compromising position,” concluded Goche.


Subscribe to the Help Net Security breaking news e-mail alerts:

More about

Don't miss