Unintentional mistakes caused by multi-tasking and working long hours result in more security incidents than intentional attacks, a new survey said.
These security oversights can cost companies millions of dollars each year. It can cost a U.S. company as much as $1.5 million and Germany companies €1.6 million in time wasted responding to security incidents caused by human error, according to a Ponemon Institute report.
The survey also found 70 percent of U.S. survey respondents and 64 percent of German respondents report more security incidents end up the result of unintentional mistakes than intentional and/or malicious acts.
While there are similarities in how U.S. and German organizations perceive insider threats, there are also clear cultural differences in the causes of unintentional insider risk.
German respondents are more likely to agree their organizations do not have the necessary safeguards in place to protect against careless employees (54 percent).
U.S. respondents, on the other hand, reported employees do not have the proper training to follow data security policies (60 percent) and that senior executives do not consider data security a priority (50 percent).
“Maliciousness is tagged as the leading cause in insider threat discussions, but the impact of negligence cannot be overlooked,” said Ed Hammersla, president of Raytheon|Websense. “As the Ponemon study reveals, security incidents are caused by negligence which leads to a decrease in IT productivity. Workplace stress, multitasking, long hours and a lack of resources and budget are the biggest contributors to employee negligence. Having programs in place that include a mixture of training, policy and technology are vital to addressing insider threats before they become a major issue.”
Additional key findings include:
• Unintentional employee negligence severely diminishes the productivity of the IT function according to 73 percent of U.S. respondents and 67 percent of German respondents.
• Long hours and multitasking are red flags for risk. Multi-taskers are more likely to be careless or negligent according to 79 percent of U.S. respondents and 81 percent of German respondents.
• German respondents are more likely to limit practices that can create unintentional risk (55 percent), while their American counterparts prefer to monitor employees’ behavior (63 percent).
• In the U.S. and Germany, IT security practitioners spend an average of almost three hours each day dealing with the security risks caused by employee mistakes or negligence.
• German and U.S. respondents report ordinary users, contractors or third-parties pose the biggest threat to security.