What You Won’t See On All the Other “Top Threats for 2015” Lists, Part II

We wrap up our take on 2015’s threat horizon with a look at another potentially dangerous entity close to your organization—your partners.

We kicked off our three-part series on 2015’s greatest security threats with a spotlight on the vicious cycle of breaches and regulations, and the threat both pose to the well-being of the organization. This time around, we focus on the threat from the inside.
Threat No. 2: Untrained Employees
No question about it: employees are the most-cited culprits of information security incidents. PwC’s 2015 US State of Cybercrime Survey found that nearly a third of respondents said insider actions are more costly or damaging than incidents perpetrated by outsiders. For all the attacks that outsiders launch on a daily basis, the threat they pose actually pales in comparison to the threat from within. Yet incredibly, most organizations do not have a program in place to properly educate, prevent, detect, or respond to such internally caused breaches.
No wonder, then, that information security regulations are stepping up the requirements for security and privacy awareness training (see Threat No. 1). Do organizations really need a legal mandate in order to preserve their own well-being?! Apparently so.
Further, the PwC report found that for 2014, only 51% of respondents said they have a security awareness and training program—down from 60% last year. Down nearly 10%! Music to the ears of cybercriminals.
What to Do About It
While employees may be the bad actors—whether or not their intentions are malicious—it is ultimately management’s responsibility to see to it that their people are properly educated, creating the competencies their organizations need to keep their information safe. And it’s in their best financial interests to do so. The PwC report concludes, “Businesses that have security awareness report significantly lower average financial losses from cybersecurity incidents. And the savings can be significant: We found companies that do not have security training for new hires reported annual financial losses that are four times greater than those that do have training.”
File this under “no brainer.”
Next time, we’ll look outside the organization for another overlooked but vitally important aspect of information security—your third-party partners.
