IT Professionals Have Met the Enemy And It Is Them

IT Professionals Have Met the Enemy And It Is Them

September 6, 2019 Business Insurance and Risk Management, The Beacon Blog 0 Comments

According to a post on the Cyber Security Intelligence website (https://www.cybersecurityintellignce.com) security experts at Gurcul conducted a survey on risky workplace behavior at the 2019 Blackhat USA Conference. 476 IT security professionals from around the world completed a questionnaire; more than half work for organizations with at least 2,500 employees. The results should be disturbing for those who think outsiders are the main or only threat to cybersecurity.

  • 24% would take (steal) company information to help apply for a job with a competitor.
  • 32% think fraud is most likely to occur in the finance department.
  • The main sources of third party risk are manged service providers (34%) and developers (30%). 74% of respondents tightened third party access because of breaches.
  • 44% of respondents spend at least one hour a day on non work-related websites. This is more likely in larger organizations. Browsing social media is the most popular online activity. (Besides lost productivity, this behavior increase the risk of introducing  malware or viruses into the organization’s computer network.)

This survey shows that computer fraud and security risks from insiders including trusted third parties are as much a threat as malicious outsiders. Leading security organizations are using machine learning to compare user behavior against baselines of normal activity. Truly, no one can be above suspicion.




About the Author

Harry Cylinder

Harry Cylinder, CPCU, ARM has spent nearly fifty years in the insurance industry, the majority of the time as a consultant. He has been employed by The Beacon Group of Companies since 2008, specializing in the review and analysis of property and casualty coverage forms. Mr. Cylinder has been reviewing policy forms as they have evolved over the past decades. In 2008 he published an article in the CPCU Journal which was the first description of cyber insurance coverage for a general insurance audience. Since that time he has regularly written on cyber and other topics for The Beacon Companies’ blog.