Employees ‘biggest threat to IT security’

Businesses worldwide are recognising that employees are one of the biggest threats to IT security, new research has revealed.

A survey of 250 IT professionals conducted at the Infosecurity Europe 2014 event noted that 44 per cent of organisations felt staff ignorance was a problem that could lead to breaches.

This compared with 20 per cent of respondents who argued that malicious insiders were the largest potential threat to business systems.

Overall, 70 per cent of participants listed employees as the most common shortcoming in their IT security plans, while 20 per cent cited current processes and just 9 per cent said technology.

The poll, which was conducted by AppRiver, largely quizzed IT professionals from the UK and the US, but the results have ramifications for countries worldwide, including Australia.

Earlier this month, a Ponemon Institute survey found just 40 per cent of Australian businesses were educating their staff on cyber security risks. Only Brazil had lower IT security training participation.

Troy Gill, AppRiver senior security analyst, said new threats are hitting businesses every day and employees must be prepared.

"We've seen a dramatic increase in phishing attacks since the beginning of this year, with many proving successful, which is a classic example of how an unsuspecting user can unwittingly put the organisation at risk," he said.

"Educating users to these types of attack vectors is just one element of effective remediation."

Aside from training, Mr Gill also recommended removing suspicious electronic packages from mailboxes automatically to ensure no one opens them and releases potential viruses.

When the same survey was completed last year, many US organisations blamed external influences, which indicates a shift in attitudes regarding IT security threats.

In 2013, Mr Gill admitted it is hard to plan for employee ignorance, but training and automation help mitigate many of the potential risks businesses face.