External attacks from cybercriminals will soon pose a greater risk to the corporate world than insider threats, according to the results of a Cyber-Ark survey (PDF) released yesterday.
Polling more than 1,400 IT staffers and top-level executives around the world, Cyber-Ark Software's fifth annual "Trust, Security and Passwords" report tried to get a sense of the security dangers that concern the corporate world for now and in the near future. The survey found that 57 percent of the executives believe that over the next one to three years, cybercriminals will present more of a security risk than will any insider threats.
The poll found particular concerns over certain security holes. Noting the recent security breach at EMC's RSA unit that targeted privileged accounts and passwords, Cyber-Ark discovered that a quarter of the IT pros surveyed admitted that their own privileged accounts are not being monitored or controlled.
As always, insiders still pose a difficult security challenge at many corporations.
Among the executives questioned, 20 percent said that their companies had been hit by insider sabotage, while 16 percent believe their competitors have gotten confidential and sensitive information from insider sources.
Snooping also continues to be a problem at many organizations.
Asked if they had ever retrieved information not relevant to their jobs, 28 percent of the IT staffers in North America and 44 percent of those in Europe and other regions said that they had. Futher, 20 percent of those in North America and 31 percent in other continents admitted using an administrative password to gain access to confidential or sensitive information.
Among all of those surveyed, 48 percent pointed to IT staffers as those most likely to snoop, while 10 percent picked managers and 7 percent fingered the human resources department.
"Increased awareness that attack vectors can and do originate from both external and internal sources can be attributed in large part to the spectacular external-born breaches that drew headlines in the past year, including the NASDAQ and Gawker breaches," Adam Bosnian, a Cyber-Ark executive vice president, said in a statement. "Regardless of the attack vector, the targets inside an enterprise remain the same--highly sensitive intellectual, financial and customer information."
Conducted this spring, Cyber-Ark's survey included responses from 1,422 IT staffers and top executives from companies in North America and the EMEA (Europe, the Middle East, and Africa).