(Irvine, Calif.) - IT executives rank misuse of portable storage devices by employees as the most serious security threat posed by insiders who unintentionally expose corporations to loss of data, malware, liability, and other security risks.
A new security study by Computer Economics, entitled Insider Misuse of Computing Resources, found that 57% of IT organizations rate misuse of portable storage devices as a major threat. Also ranking high among 14 types of insider misuse are unauthorized software downloading (56%), unauthorized use of P2P file-sharing programs (54%), and unauthorized use of remote-access programs (53%).
This study examines only threats posed by insiders who inadvertently expose organizations to risk. A soon-to-be released sister report, Malicious Insider Threats, will address threats where insiders intend to harm the organization or act in a purposeful way that threatens the organization's interests.
"After taking steps to combat malware and network intrusion, IT executives are increasingly aware that today their largest threats may come from insiders, and they are taking these threats seriously," said Frank Scavo, president of the IT research and advisory firm. "Yet our study also makes clear that organizations are struggling with understanding how to combat these threats."
Scavo said, for example, that more than a third of all organizations have no policy against loading sensitive data onto portable storage media such as USB flash drives, a practice that can lead to data leakage as well as become a vector for malware to enter the corporate network. "At the same time, the growing capacity of these drives is opening the door ever wider," he said.
The Computer Economics study, based on a survey of 100 IT security professionals and executives, found that organizations place more emphasis on categories of misuse that can lead to loss of data or expose the organization to liability. In addition to the top-four threats, other threats rated as major by more than 40% of IT organizations include rogue wireless access points; unauthorized modems; downloading of unauthorized media; and use of personal computing devices for business purposes.
IT executives were less concerned about six other threat categories, which were rated as major threats by fewer than 25% of the executives. These included unauthorized blogging or participating in message boards concerning the organization's business; instant messaging using personal accounts; non-work-related web browsing; and using the organization's email system for personal matters. These threats primarily concern loss of worker productivity.
A summary of the report's key findings is freely available.
The full report, Insider Misuse of Computing Resources, analyzes threats, enforcement trends, and policies for each threat. It is available to Computer Economics subscribers or can be purchased from our website at https://avasant.com/research/computereconomics.