Malicious Intent Is Biggest Threat to Personal Data

• Content
• News
• Malicious Intent Is Biggest Threat to Personal Data

26 April 2019 | Updated 30 April 2019

A social media poll has found that sixty-five per cent of respondents believe that humans pose the biggest threat to their personal data rather than cyber criminals.

So, against the backdrop of a complex and growing cyber threat landscape, organisations are waking up to the fact that one of the biggest chinks in their armour against a data security breach is humans. In fact, fifty-two per cent of respondents believe that people with malicious intent present the biggest danger, whilst thirteen per cent believe that unintentional human error is also a risk.

In stark comparison, just thirty-five per cent of those polled see technology as a threat to personal data.

Policy breaches

Worse still, twenty per cent admitted they have breached corporate policies around data protection, with a further thirty-four per cent admitting they don’t even know of a policy within their organisation. Not only does this highlight the frequency and willingness of employees to breach corporate policy, it also demonstrates the lack of awareness and education around corporate data security.

Jon Fielding, EMEA MD for Apricorn which commissioned the survey, said: “The findings of our poll show that businesses have good reason to be concerned about employees contributing to cyber-security risks. Whether staff are making unintentional user errors or compromising data with malicious intent, business data and systems are at risk. The most dangerous aspect of insider threats and human error is the fact that the access and activities are coming from trusted users and systems. They can very easily go undetected if organisations are too complacent in their approach to data security.”

Loss and theft

The Apricorn poll also found that over a quarter (27%) of respondents admitted that they had either lost, misplaced or had a device stolen containing sensitive corporate information.

Fielding said: "Organisations should incorporate and enforce information security policies, procedures and, ideally, encryption on all mobile devices, be it laptops, mobiles or other removable media. It’s not enough to simply have an IT security policy in place, staff need to be educated about the policies and the importance of data security, to help mitigate these risks. IT security should also be enforced through technology, such as end point control only accepting corporately approved and encrypted devices for example."

Fines

Any data breach has the potential for huge reputational damage and financial losses. With GDPR now in full force, organisations must ensure they monitor how data is processed, stored, retrieved, protected and deleted in order to remedy any shortcomings and ultimately avoid a costly data breach. Organisations need to establish and maintain even basic level security to avoid the associated risks posed by insiders, malicious or otherwise.

Infosecurity Europe

Jon Fielding will be speaking at the upcoming Infosecurity Europe event taking place at Olympia, Hammersmith, London, from 4-6 June 2019.

The Apricorn Twitter poll attracted 12,527 responses. The company is a manufacturer of software-free, 256-bit AES XTS hardware-encrypted USB storage devices.

Picture: Jon Fielding

Article written by Cathryn Ellis | Published 26 April 2019

Share

Related Articles