The Biggest Security Threat, Mobile Payments and Beyond, Is Internal

October 5, 2018 | By: Steven Anderson

Protecting ourselves against hacking is now a vital part of operations. With good reason: if one of those hackers gets into a system, who knows what could be gone? Passwords, money, customer information…it’s all at risk, everywhere from our work files to our mobile payments. A new study sent our way from the Netwrix Corporation, meanwhile, reveals that, in grandest Walt Kelly style, we have met the enemy…and he is us.

The Netwrix study, its 2018 IT Risks Report, reveals that there are six major risks when it comes to IT: compliance penalties, data breach, data loss, intellectual property theft, physical damage and system disruption. While all of these things are potential disasters, depending on how far they reach and how much damage they do, it turns out there’s a common link, and one most didn’t expect.

Many companies consider hacker attacks to be the biggest threat, but it turns out that it’s a company’s own employees—essentially, insiders—that pose the biggest risk. Security policies also take a share of blame here; just over one in three organizations doesn’t get rid of stale data or practice data classification on a regular basis. Twenty percent of firms exercise such measures “rarely,” and 14 percent never do.

While 70 percent have done an IT risk assessment at some point, just 33 percent perform regular evaluations. Forty-four percent have no idea what employees are doing with data considered sensitive, and better than 60 percent believe it really doesn’t matter because they believe they have sufficient visibility into their systems, whether they actually have it or not.

Our data security is vital. Whether it’s preventing the government from landing on our throats with two big booted feet labeled “HIPAA” or keeping people from running up big bills on our mobile payments systems, we have to protect ourselves. We have to use the strong passwords even if they’re next to impossible to remember. We have to make the password changes. We have to know what we’re doing and do it, because no one else will.

This study only serves to show how woefully unprepared we are. At the same time, however, it’s likely the wake-up call many of us needed.