Survey: Insider Theft Tops CIO Worry List
A majority of North American IT chiefs view theft from within as a much greater
threat than theft from without, according to a new survey from Secure Computing
Corp., an enterprise gateway security
Insider threats stemming from intentional and unintentional data leaks are
keeping many IT chiefs awake at night, with fully 80 percent of respondents
citing theft from within as their No. 1 security issue overall.
A few caveats: Secure Computing's survey sample size of 103 CIOs at U.S. companies
is small, and Secure Computing (as a purveyor of gateway devices designed to
both keep the bad guys out and protected content in) does have a dog in the
race. Nonetheless, its survey data does raise some provocative issues, as well
as explode a few popular myths.
Fewer than one in five CIOs (17 percent) said they're more concerned about external
than internal threats, and more than one-third (37 percent) of respondents acknowledged
that their organizations had experienced the loss or theft of sensitive information
over the last 12 months.
Surprisingly -- or not, depending on your point of view -- a plurality of respondents
(34 percent) cited e-mail as their No. 1 security concern. This was followed
by VoIP leakage or theft (cited by one-quarter of respondents), which is even
deemed a more substantive threat than unsanctioned Web surfing; only 21 percent
of IT directors said the latter is a top priority.
Likewise, Secure Computing indicated, CIOs aren't sure what to make of Web
2.0-related security concerns. In such cases, they're more likely to cite damage
from external threats (e.g., malicious Web 2.0 services or gadgets) as a bigger
danger than Web 2.0-related spam or, interestingly, the potential loss or theft
of data from Web 2.0 applications.
CIOs don't have hackers on the brain: Fewer than
a quarter of respondents cited hacking or hackers as the biggest overall security
threat facing their organizations. Instead, more than half of respondents cited
malware as their biggest concern.
Not surprisingly, CIOs are throwing money at their anxieties, directing the
bulk of their security-related IT spending to shoring up internal safeguards.
More than one-third of chiefs cited internal security as their primary area
of IT spending, while -- shockingly, given the current state of the economy
-- CIOs say spending to improve IT asset management is actually lowest
on their priority lists. (Asset management-related spending typically spikes
during periods of economic uncertainty.)
Elsewhere, Secure Computing claimed, IT security itself is undergoing a perceptual
shift of sorts: Only 11 percent of respondents said their boards perceive security
spending as a "necessary evil." Almost 90 percent saw security-related
spending as "at least as important" as other kinds of IT spending.
Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.