There is a lot of talk these days about cybercrime. News of large-scale IT security breaches are not unusual. Blame is often assigned to the sinister motivations of rogue governments, terrorists, or anarchists. But those closest to the problem say the root cause behind most data breaches is lax internal security, not the skills of cunning hackers.
A recent survey by the Ponemon Institute claims 71% of employees have access to data they should not see, and more than half say this access is frequent or very frequent. Other findings from the survey point to lax internal security as a serious problem in organizations of all sizes:
- 4 out of 5 IT practitioners (80%) say their organizations don’t enforce a strict least-privilege (or need-to-know) data model;
- 73% of end users believe the growth of emails, presentations, multimedia files, and other types of company data has very significantly or significantly affected their ability to find and access data;
- 76% of end users believe there are times when it is acceptable to transfer work documents to their personal devices, while only 13% of IT practitioners agree;
- 67% of IT practitioners say their organization experienced the loss or theft of company data over the past two years, while only 44% of end users believe this has happened;
- 43% of end users say it takes weeks, months or longer to be granted access to data they request access to in order to do their jobs, and only 22% report that access is typically granted within minutes or hours.