What IT security professionals don’t know could be what is hurting their organization the most.
While malware, advanced persistent threats, and compromised accounts top IT professionals’ lists of the most threatening security issues facing their organizations, insider threats are also a huge challenge, and one that few organizations are equipped to deal with.
According to the Cloud Adoption Practices & Priorities Survey Report released by the Cloud Security Alliance on Friday, insider threats were cited as a top security issue by 42 percent of respondents.
Seventeen percent of respondents reported a known insider threat incident in the last 12 months. Nearly one-third of respondents (31 percent) said they were not sure if an insider incident occurred, which signals a serious gap in the way companies are able to detect external versus insider security threats.
The report is based on responses from 212 participants in IT security, IT, and compliance and audit roles, from 17 different countries.
Shadow IT is an internal threat that is keeping companies on high alert of security of corporate data in the cloud, compliance violations and policy enforcement. A mere eight percent of companies report to know the scope of shadow IT within their organization. Companies in the APAC region are more concerned with shadow IT than their American and European counterparts; 85 percent of APAC respondents are concerned versus 66 percent in the Americas and 68 percent in Europe.
In a report in November, 81 percent of IT professionals said that they use unauthorized SaaS applications, and 38 percent of employees intentionally bypass IT in adopting applications because of the slow approval process.
In an effort to wrangle these unapproved cloud apps, 50 percent of companies have a policy on acceptable cloud usage. However, only 16 percent of companies surveyed are fully enforcing these policies. Less than one quarter of companies (21 percent) have a governance committee which is charged with developing and updating these policies.
Training is also an issue when it comes to acceptable cloud usage, with 22 percent of organizations having a cloud security awareness training program. Thirty-six percent of respondents plan to create one.
Cloud security projects were the leading IT project in 2014 across the board, with 75 percent of companies around the world indicating that they are important or very important. European companies are more focused on cloud security projects, with 50 percent of companies in Europe classifying cloud security projects as very important versus 38 percent of American companies.