Telstra study finds that employees are the biggest threat to an organisation's digital security
52% of European businesses experience unintentional actions leading to a security incident either weekly, monthly or quarterly
Of concern, 79% of organisations have at some point also been the focus of intentional and malicious employee action
LONDON, June 13, 2019 /PRNewswire/ -- The biggest risk to a European company's cybersecurity is not, as often believed, external hackers and overseas-based virus attacks, but an organisation's own employees. Whether unintentional or intentional, the actions of those within an organisation have been shown to be the biggest threat to the digital security of a company, according to new research by technology and telecommunications company Telstra.
One of the key findings of the Telstra Cyber Security Report 2019 is that 88 per cent of surveyed European organisations were impacted by unintentional human error in the past year, resulting in at least one incident of compromised security, integrity or availability of service.
The study, which surveyed close to 1,300 professionals across 13 countries, also revealed the frequency of these instances – 10 per cent of European companies reported experiencing weekly occurrences, 20 per cent reported monthly occurrences and 22 per cent said that it happened at quarterly intervals. Compounding this is the time it takes to detect an unintentional security incident – 27 per cent of those who were surveyed said it took days, on average, to identify such errors, while 15 per cent said it took weeks.
Perhaps even more concerning for European businesses is the number and frequency of malicious actions that are deliberately inflicted by employees. The study found that a fifth (20%) of companies surveyed experienced security incidents due to intentional employee actions on a monthly basis, and 22 per cent said it occurred every six months.
Robert Robinson, Security Practice Lead at Company85, a Telstra company, said that organisations are so focused on external threats that they can often forget about the threat posed by their own employees.
"While unintentional human error and malicious activity are not 'traditional' methods of attack, it is no surprise that these are some of the leading causes of business disruption. This is because so much investment goes towards preventing external threats, the risks posed by internal employees can often be underestimated.
"What organisations need to do is make sure that their cyber security investment is proportioned well enough to properly train, educate and review staff and internal processes to ensure human error and malicious threats can be minimised."
Other key findings from the data include:
- 46 per cent of European respondents surveyed indicated that the level of concern from customers on data privacy has increased over the past 12 months
- 83 per cent of European organisations surveyed spend up to 20 per cent of their overall IT budget on security
- Human error is the biggest source of concern related to European organisations' security incidents (20%)
- Half of European victims (50%) who experienced a ransomware attack paid the ransom
The Report also found that security breaches of all types are still extremely prevalent as 64 per cent of European organisations suffered at least one security breach in the past year that resulted in a confirmed disclosure.
It showed that phishing attacks (91%), vulnerable unpatched systems (89%) and operational technologies such as video cameras and building management systems and malware attacks such as spyware, downloader, adminware (87%) are the most popular gateways for attacks. These were followed closely by operational technology attacks, business email compromises and Distributed Denial of Service (DDoS) attacks (85%), web application attacks (84%), identity theft (82%), advanced persistent threat (APT) attacks (80%), hacking (79%) and ransomware (78%).
Robinson continued, "Conventional attacks should still be a huge worry for organisations as the research shows they are still incredibly widespread. To help prevent incapacitating external attacks, organisations must ensure they have effective, enterprise-grade solutions and systems that can help reduce the chances of an attack being successful and recovering from the attack should it breach the walls."
Telstra is a leading telecommunications and information services company. We offer a full range of services and compete in all telecommunications markets in Australia, operating the largest mobile and Wi-Fi networks. Globally, we provide end-to-end solutions including managed network services, global connectivity, cloud, voice, colocation, conferencing and satellite solutions. We have licenses in Asia, Europe and the United States and offer access to more than 2,000 points of presence across the globe. For more information visit www.telstraglobal.com. For more insights, visit telstraglobal.com/disruptive-decision to download the Disruptive Decision-Making white paper.
About the 2019 Telstra Security Report
The 2019 Telstra Security Report is the outcome of research conducted by analyst firm GlobalData and involves interviews with 1,298 security professionals across 13 countries in November and December 2018. Sixty one per cent of the surveys were conducted in Asia-Pacific (APAC) and 39 per cent in Europe.