Security risk number 1: The employees
The greatest threat to a company's IT security - in terms of the human factor - comes from its own employees, closely followed by third parties. This assessment is shared by the majority of respondents to the current Risk:Value Report 2017 from NTT Security, specialists in information security and risk management.
The annual Risk:Value Report, compiled by the market research company Vanson Bourne on behalf of NTT Security, shows in which areas and among which individuals the greatest IT security threats lie. In response to the question "Which person or group of people do you rank first in terms of security vulnerabilities?", 23 percent of participants named "employees without management responsibility". Third parties take second place with 19 percent; Vanson Bourne counts subcontractors, external service providers and suppliers among these. The CEO takes third place; 12 percent rate him as the weakest link in IT security. The other weak points named by respondents are management (11 percent), customers (10 percent), administrators (7 percent), supervisory or administrative board members (7 percent) and C-level executives excluding the CEO (6 percent).
Raising employee awareness
"An end-to-end IT strategy must address the various security vulnerabilities on an equal footing. Even one vulnerable point can have catastrophic consequences for a company," emphasizes Kai Grunwitz, Senior Vice President EMEA at NTT Security. "One thing the study shows in no uncertain terms is that apart from the necessary technical measures, companies need to make their own employees more aware of the issue of security as a high priority. In view of the constantly changing threat situation, it is essential that workshops and training courses are held on a regular basis."
Surprising: CEOs as the third biggest security risk
NTT Security finds it particularly surprising that respondents named the CEO in third place when asked about the biggest security vulnerability. "Actually, one should assume that it is the CEO's IT systems, be it the desktop PC, the mobile computer or the smartphone, that are particularly hardened and protected," says Grunwitz. "However, the respondents apparently do not consider the measures taken to be sufficient; consequently, they should once again put companies under close scrutiny; after all, it is obvious that the CEO knowledge holder is a lucrative target for potential attackers. At NTT Security, we've had good experience with attack simulations specifically targeted at management, which showed that more than 70 percent of management is inadequately secured."
The "Risk:Value Executive Summary" is available for download at http://www.nttsecurity.com/RiskValue2017.