Around half IT secruity threats are coming from within an organisation. [shutterstock: 299936939, wk1003mike]
[shutterstock: 299936939, wk1003mike]
Blog Security

Is IT Compliance a Bigger Threat Than External Attacks?

With 43% of security threats coming from within enterprise organizations, IT compliance has never been more of a hot topic issue for the C-Suite. Here's why IT compliance may be an even bigger threat to organizations than external attacks.

While enterprise companies try to keep up with outside security threats, a larger one is lurking within. According to a recent study from Clearswift that polled 300 IT decision makers in the UK, 58% of security threats are coming from within enterprise organizations – not outside of them.

The US isn’t far behind, with an estimated 43% of security threats coming from within, according to a 2015 study by Intel.

These kinds of IT compliance related security issues range from simple phishing schemes that target employees through email to more sophisticated and intentional data leaks.

The problem, though, is that IT experts attribute half of these insider threats to non-malicious accidental incidents. Let’s restate that: more than 20% of IT attacks and data leaks are caused by employees simply making mistakes that are easily preventable.

Even with more than half of enterprise attacks coming from outside the organization, internal threats due to negligence still make up a disproportionate amount of security threats. IT compliance can mitigate that risk.

How to Improve IT Compliance in the Workplace

Improving IT compliance is easier said than done, because at the end of the day, no amount of employee training and education can remove 100% of the risk of employee negligence.

It can, however, significantly decrease that 20% by further educating employees on what is and what isn’t appropriate online behavior.

In fact, enterprise companies that are succeeding at increasing IT compliance within their organizations are the ones that are making it a joint effort by including employees and department heads in the process.

This helps the IT department understand how each department is interacting with and using the network and IT infrastructure and where the potential for leaks could be happening.

At the end of the day, the CIO and the IT department need to employ multiple tactics to combat IT non-compliance, whether that’s one-on-one departmental education sessions on appropriate IT usage or preventative technology solutions to help keep internal threats to a minimum.

Companies that take this approach will be able to focus more time and attention on threats that they can’t control.

This article was first published by Virtual Forge.


About the author

E-3 Magazine

Articles published through E-3 Magazine International. This includes press releases by our partners as well as articles and reports from the E-3 team of journalists.

Add Comment

Click here to post a comment

Social Media

Sign up for e3zine´s biweekly newsbites

Please do not use administrative mail adresses like "noreply@..", "admin@.." or similar as these may get blocked for security reasons.

We use rapidmail for dispatching our newsletter. By signing up, you agree that the data you have entered will be transmitted to rapidmail. Please take note of their terms and conditions and privacy policy.termsandconditions.

Our Authors