Security training programmes don't do enough to mitigate insider risk
"Employee-related security risks top the list of concerns for security professionals, but organisations aren't doing enough to prevent negligent employee behaviour, according to a new study.
Last month, security research firm Ponemon Institute, sponsored by Experian Data Breach Resolution, surveyed 601 individuals at companies with a data protection and privacy training programme on the issue of negligent and malicious employee behaviours for the Managing Insider Risk through Training & Culture report.
66% of respondents said employees are the weakest link in their efforts to create a strong security posture and 55% said their organisation had suffered a security incident or data breach due to a malicious or negligent employee.
The negligent and malicious behaviours that concern security professionals the most include the following.”
• Technical support roles set to be automated out of existence
• Tech chiefs are happier and more ambitious, finds survey
• Hacker selling 167 million LinkedIn user details
• Are we really better off as part of the EU?
• Microsoft makes it easier for firms to keep running Windows 7
• Why does old malware refuse to die…and is the IT security industry doing enough to kill it?
• Security training programmes don't do enough to mitigate insider risk
• UK staff confident in their company mobile security
• HumanOps calls for improved working conditions for infrastructure operations staff
• And finally…Hacker thrown in jail for reporting police system security flaws