Forget North Korea, your employees are your biggest security liability

This warning has been around for years and hasn't changed, which means management isn't getting the message.

While the purported Sony hack by North Korea gets all the news, one old saw about IT security remains unchanged – employees, not outside hackers, represent the biggest security risk to a company and are still the most likely weak points in relation to cloud data security.

CloudEntr, a Gemalto company that specializes in cybersecurity (how convenient), conducted a survey of 438 IT pros across 20+ different industries. It published its findings in its 2015 State of SMB Cybersecurity report.

Of the IT pros surveyed, 77% said that staff members are the weakest link in their security infrastructure and a liability when it comes to cloud usage. This is especially true among larger firms, where more data is being handled.

Regulated industries have greater challenges than non-regulated industries with compliance (51% vs. 28%) and access management (37% vs. 23%). Employees are perceived as most problematic in financial services (81%) and non-profit organizations (84%).

The areas labelled as the top security challenges were social engineering (48%), followed by managing BYOD (42%), and compliance issues (34%).

The report noted that SMBs with between 50 and 99 people on staff have the highest usage of cloud services and that they are better than other SMBs at keeping up with compliance issues, authentication, and password management solutions.

As yet more proof that the inmates often run the asylum, 29% of IT pros reported that they have no plans to use the cloud, and of that group, 80% said they have no formal policy or regulations against cloud use. Not surprisingly, 43% of IT pros not currently using the cloud know of departments or individuals within their company that use the cloud without company approval.

So what is IT doing about it? The top reply was to increase employee education in the next year (89%), followed by stronger network perimeter security (62%) and stronger server security (46%).

Copyright © 2014 IDG Communications, Inc.
