Poor IT security practices a bigger threat than hackers, survey says

When it comes to IT security, small mistakes can have huge consequences. In fact, failure to follow internal procedures is typically a bigger danger to organizations than hackers, according to a recent study. 

The trouble that can be caused by small errors was shown in a recent data breach involving Utah’s state Medicaid system. Apparently, hackers accessed a database and stole sensitive information about an estimated 780,000 people, or about one-sixth of Utah’s total population.

The cause of the breach: an unspecified “configuration error,” according to reports. Apparently, an IT staff member put a server online without first setting the proper security controls.

Those seemingly simple issues are behind most day-to-day IT security risks, according to a recent survey by vendor AlgoSec.

Failure to adhere to established security policies and procedures has led to problems in most of the organizations surveyed. In fact, more than half (54%) of respondents said that configuration changes that were made out-of-process led to system outages at their businesses. Another 20% said an out-of-process change has resulted in a data breach.

Problems with internal processes and human error are prevalent enough that they’re seen as bigger threats than hackers, according to the report. When asked what they saw as the greatest security threats to their organizations, the 182 IT professionals surveyed answered:

  1. Lack of visibility into their applications and networks (29%)
  2. Malicious or negligent insiders (28%), and
  3. Outside hackers (19%).

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy