Welcome!

News Feed Item

IT Security Professionals Say That the Overwhelming Majority of Security Risks Are the Result of Human Error or Attack, While Only Half of Their Budgets Are Spent to Defend Against Them

BalaBit eCSI Report Survey Conducted at RSA Conference 2014 Underlines That It Is Time to Allocate IT Security Budgeting According to Real, Human Threats

NEW YORK, NY -- (Marketwired) -- 03/25/14 -- BalaBit IT Security (www.balabit.com), a global leader in the development of privileged activity monitoring, trusted logging and proxy-based gateway technologies today announced its latest eCSI Report survey results.

Conducted among nearly 300 attendees at the recent RSA Conference in San Francisco, the survey results show that 84 percent of IT security related losses can be attributed to human elements (such as human error, sophisticated internal or external attackers) with the remaining 16 percent related to infrastructure issues (system malfunction, automated attack). The survey noted that, when it comes to budgeting, the ratio is balanced: only 55 percent of budgets are spent for managing human risk and 45 percent for infrastructure risk.

Companies still concentrate their IT security resources on infrastructure security and external risk factors. Respondents ranked the main risk factors according to their share of IT budgets in the following order:

  • 30 percent prioritized external attackers above all other risks
  • 28 percent said system malfunctions are most important
  • 17 percent said automatic attacks
  • Protection against human errors and internal attackers were a top budget priority for only a small minority of respondents (13 percent and 12 percent, respectively)

But, when IT security threats were ranked in order of potential costs, results show a very different picture:

  • 51 percent of those surveyed said that human errors cause the greatest financial loss
  • 18 percent for external attackers
  • 15 percent for internal attackers
  • 9 percent for system malfunctions
  • 7 percent for automated attacks

"The biggest difference that our survey revealed is that IT professionals clearly see that human errors cause 51 percent of their losses. But when they are planning their budget, only 13 percent of them put preventing human errors at the top of the list and even 40 percent of respondents ranked human errors as least important. If companies are aiming to spend their IT security budget responsibly, it's high time to do away with this commonly held fallacy," said Zoltán Györkő, CEO of BalaBit IT Security.

IT security experts not only need to build and maintain secure IT systems, but also need to ensure business continuity and support users do their job. RSA Conference attendees were asked to estimate how much the level of their IT security at their company is reduced by satisfying the needs of special users. 83 percent of respondents said that their security level is reduced (heavily 19 percent, notably 32 percent and moderately 32 percent), to accommodate special users.

"Access controls can be self-defeating. Because of their inflexibility, they are often not able to prevent breaches but restrict people from doing their jobs efficiently. Advanced monitoring can be effective tool against IT security risks related to human elements, regardless whether the source is external or internal. Human risks can be highly decreased by detecting and blocking suspicious user activities. Real time alerting and monitoring is inevitable for privileged accounts, which have rights to access, modify or delete sensitive company information, no wonder their credentials are the primary target for hackers. A higher rate of detection -- even during preparation -- is more deterrent than passive control and more business-friendly at the same time," Györkő added.

An infographic is available at http://bit.ly/1gDmsDz

BalaBit revealed the survey results at the recent Gartner Identity and Access Management Summit held in London.

About BalaBit

BalaBit IT Security is an innovative information security company, a global leader in the development of privileged activity monitoring, trusted logging and proxy-based gateway technologies to help protect customers against internal and external threats and meet security and compliance regulations. As an active member of the open source community, we provide solutions to a uniquely wide range of both open source and proprietary platforms, even for the most complex and heterogeneous IT systems across physical, virtual and cloud environments.

BalaBit is also known as "the syslog-ng company", based on the company's flagship product, the open source log server application, which is used by more than 1 million installations worldwide and became the globally acknowledged de-facto industry standard.

BalaBit, a fastest growing IT security software developer company based on Deloitte Technology Fast 50 CE Lists, where BalaBit has been included four times in the fast five years. The company has local offices in France, Germany, Russia, and in the USA, and cooperates with partners worldwide. Our R&D and global support centers are located in Hungary, Europe.

For more information, visit www.balabit.com.

Media Contact:
Dan Chmielewski
Madison Alexander PR
Office +1 714-832-8716
Mobile: +1 949-231-2965
Email Contact

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
DXWorldEXPO | CloudEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
Machine learning provides predictive models which a business can apply in countless ways to better understand its customers and operations. Since machine learning was first developed with flat, tabular data in mind, it is still not widely understood: when does it make sense to use graph databases and machine learning in combination? This talk tackles the question from two ends: classifying predictive analytics methods and assessing graph database attributes. It also examines the ongoing lifecycl...
Daniel Jones is CTO of EngineerBetter, helping enterprises deliver value faster. Previously he was an IT consultant, indie video games developer, head of web development in the finance sector, and an award-winning martial artist. Continuous Delivery makes it possible to exploit findings of cognitive psychology and neuroscience to increase the productivity and happiness of our teams.
Enterprises are striving to become digital businesses for differentiated innovation and customer-centricity. Traditionally, they focused on digitizing processes and paper workflow. To be a disruptor and compete against new players, they need to gain insight into business data and innovate at scale. Cloud and cognitive technologies can help them leverage hidden data in SAP/ERP systems to fuel their businesses to accelerate digital transformation success.
DXWorldEXPO LLC announced today that Telecom Reseller has been named "Media Sponsor" of CloudEXPO | DXWorldEXPO 2018 New York, which will take place on November 11-13, 2018 in New York City, NY. Telecom Reseller reports on Unified Communications, UCaaS, BPaaS for enterprise and SMBs. They report extensively on both customer premises based solutions such as IP-PBX as well as cloud based and hosted platforms.
Digital Transformation: Preparing Cloud & IoT Security for the Age of Artificial Intelligence. As automation and artificial intelligence (AI) power solution development and delivery, many businesses need to build backend cloud capabilities. Well-poised organizations, marketing smart devices with AI and BlockChain capabilities prepare to refine compliance and regulatory capabilities in 2018. Volumes of health, financial, technical and privacy data, along with tightening compliance requirements by...
Transformation Abstract Encryption and privacy in the cloud is a daunting yet essential task for both security practitioners and application developers, especially as applications continue moving to the cloud at an exponential rate. What are some best practices and processes for enterprises to follow that balance both security and ease of use requirements? What technologies are available to empower enterprises with code, data and key protection from cloud providers, system administrators, inside...
The deluge of IoT sensor data collected from connected devices and the powerful AI required to make that data actionable are giving rise to a hybrid ecosystem in which cloud, on-prem and edge processes become interweaved. Attendees will learn how emerging composable infrastructure solutions deliver the adaptive architecture needed to manage this new data reality. Machine learning algorithms can better anticipate data storms and automate resources to support surges, including fully scalable GPU-c...
To Really Work for Enterprises, MultiCloud Adoption Requires Far Better and Inclusive Cloud Monitoring and Cost Management … But How? Overwhelmingly, even as enterprises have adopted cloud computing and are expanding to multi-cloud computing, IT leaders remain concerned about how to monitor, manage and control costs across hybrid and multi-cloud deployments. It’s clear that traditional IT monitoring and management approaches, designed after all for on-premises data centers, are falling short in ...
Consumer-driven contracts are an essential part of a mature microservice testing portfolio enabling independent service deployments. In this presentation we'll provide an overview of the tools, patterns and pain points we've seen when implementing contract testing in large development organizations.
With more than 30 Kubernetes solutions in the marketplace, it's tempting to think Kubernetes and the vendor ecosystem has solved the problem of operationalizing containers at scale or of automatically managing the elasticity of the underlying infrastructure that these solutions need to be truly scalable. Far from it. There are at least six major pain points that companies experience when they try to deploy and run Kubernetes in their complex environments. In this presentation, the speaker will d...
DXWordEXPO New York 2018, colocated with CloudEXPO New York 2018 will be held November 11-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI, Machine Learning and WebRTC to one location.
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portability. In this session we'll describe best practices for "configuration as code" in a Kubernetes environment. We will demonstrate how a properly constructed containerized app can be deployed to both Amazon and Azure ...
We are seeing a major migration of enterprises applications to the cloud. As cloud and business use of real time applications accelerate, legacy networks are no longer able to architecturally support cloud adoption and deliver the performance and security required by highly distributed enterprises. These outdated solutions have become more costly and complicated to implement, install, manage, and maintain.SD-WAN offers unlimited capabilities for accessing the benefits of the cloud and Internet. ...
Business professionals no longer wonder if they'll migrate to the cloud; it's now a matter of when. The cloud environment has proved to be a major force in transitioning to an agile business model that enables quick decisions and fast implementation that solidify customer relationships. And when the cloud is combined with the power of cognitive computing, it drives innovation and transformation that achieves astounding competitive advantage.