Corporate security chiefs say insiders are greatest threat to data

Published 24 June 2009

Survey finds that 80 percent of CISOs are more concerned about employees and contractors than they are about external hackers

Eighty percent of chief information security officers (CISOs) believe that employees and contractors present a greater threat to their data than external hackers, according to a study released earlier today.

DarkReading’s Tim Wilson writes that the study, by NetWitness and MIS Training Institute, was conducted at the 6th Annual CISO Executive Summit in Lisbon, Portugal, this month. Only 18 percent of the respondents said they considered hackers or nation-sponsored attacks to be a greater threat than insiders.

One in ten CISOs reported they are not planning on spending any new monies on security this year, and are trying to just survive with their existing technology investments, the study says.

Twenty-six percent view governance, risk, and compliance (GRC) verification as the primary business driver for security spending in the next twelve months.

One-third of respondents believe firewalls alone provide adequate protection against data leaks. One-quarter of CISOs reported either not having the correct data leakage protection technology, or not knowing what they should have.

“What is really alarming is the misperception that traditional security approaches alone can protect against information leaks,” Sara Hook, conference director for EMEA at MIS Training Institute, told Wilson. Hook also expressed concern that “some CISOs were not sure what they need for data protection, or were not planning to focus any money in that area this year.”