It’s not news that employees are often the enemy of IT security, from idly surfing questionable sites to downloading screen savers (“But it said it was safe!”) to more famous cases of opening misleadingly flattering e-mails.
But are they network security Public Enemy Number One? A new report says just this.
Employee misuse of computer systems was determined to be the biggest threat to the security of computer systems, an even bigger threat than viruses, according to the Computer Security Institute’s annual survey. This was the first time in the 12 years the survey has run that insider abuse of network access or e-mail (such as trafficking in pornography or pirated software) edged out virus incidents as the most prevalent security problems, with 59 and 52 percent of respondents reporting each, respectively.
While virus incidents fell 7 percent from the previous year, employee-related incidents jumped by almost 10 percent.
Evidence of other employee-faulted security concerns was seen as well, with 25 percent of surveyed organizations reporting instant messaging misuse.
This is not the first time the finger has been pointing at employees for IT security snafus. Thirty-nine percent of users said they believed that they should be allowed to “install the applications they need on their work computers,” independent of IT oversight or policy in FaceTime Communications’ second annual Greynets Survey, released on Jan. 17. Another 53 percent of users reported they “tended to disregard” company policies that governed usage of IM and peer-to-peer file sharing.
Are employees the missing link in your IT security policy, or just the easiest to scapegoat?