A new study says that insider negligence is to blame for most ransomware attacks. This really isn’t much of a stretch given that, for the most part, ransomware is primarily installed by users who are tricked into believing it is something else (though the possibility that some of these folks are disgruntled employees remains). The report I’m talking about is the one that Varonis commissions every year from the Ponemon Institute.
While the report was issued back in early August, analysis of it is ongoing. Some additional and very troubling findings from the US and European firms sampled have emerged this week.
The vast majority of IT respondents, 61 percent, correctly view security as a high or very high priority. This suggests that 39 percent of IT shops are not on the right page.
However, only 38 percent of users share this belief. In a world of ransomware largely installed by users, this suggests a level of exposure that should be unacceptable to company boards. Ransomware attacks have hit a broad variety of organizations covering both public and private segments; hospitals and even police departments haven’t been immune. If the employees don’t take these threats seriously, no wonder these attacks have been so successful. Employee education to mitigate security exposures is one critical area that currently isn’t being funded or executed in line with the threat.
On its surface, the fact that 38 percent of practitioners and 48 percent of users think productivity is more important than security seems reasonable. However, given the current environment where one major breach can cripple a firm or ransomware can literally shut it down, trading productivity for an increased chance of a catastrophic event would seem a tad negligent.
Granted, you wouldn’t want to be so secure users can’t get things done. On the other hand, trading off adequate security just to make a job marginally easier would look incredibly foolish after a major breach or successful ransomware attack.
The fact that data protection isn’t a priority for many organizations is hard to believe given how much we’ve covered things like the Snowden and Manning data breaches and Hillary Clinton’s email. But according to the survey, only 53 percent of practitioners and just 35 percent of users think protecting company data should be a high priority.
This really suggests a lot of firms have lost touch with the reality of today’s massive data breach exposures and that they should undertake corrective action in terms of educating people on the repercussions for major data breaches. My guess is that, given all of the coverage, these kinds of problems are becoming noise. But the fact that big problems are happening frequently doesn’t mean you can just walk away from addressing them.
By the way, this apparently goes to the top because only 35 percent of users believe their top executives think security is a high priority. IT isn’t far off as only 53 percent of IT folks think top execs care adequately about security.
In my own experience, some of the worst security offenders were top execs who felt their position in the firm should allow them the “benefit” of not following security rules. I’ve seen several get fired over the years, including one CEO, for getting this wrong.
One thing that both users and practitioners seem to agree on (50 percent practitioners, 58 percent users) is that when a breach occurs, the cause is twice as likely to be an inside user as an outside attacker. Today, it largely remains far easier to trick a user into creating a breach than to just electronically pound on a firm’s defenses. Most of these users are just negligent, though about a third are intentionally doing their firms harm. I guess they figure since they are likely to create a breach they might as well do it right. It is interesting to note that 73 percent of users blame users for data breaches while IT folks are a tad kinder and only 46 percent of them agree.
This study suggests that, unless things change, many of you will be experiencing a major public avoidable breach or ransomware attack in the next few months. The results could change elections, have major adverse impact on the stock market or even trigger a war, depending on when or where it takes place.
This study should motivate us to take security more seriously, I’m afraid, given the declining results, it may instead be prophetic of a disaster yet to come.
Photo courtesy of Shutterstock.
Ethics and Artificial Intelligence: Driving Greater Equality
FEATURE | By James Maguire,
December 16, 2020
AI vs. Machine Learning vs. Deep Learning
FEATURE | By Cynthia Harvey,
December 11, 2020
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
FEATURE | By Samuel Greengard,
November 05, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
FEATURE | By Cynthia Harvey,
October 07, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
Top 10 Machine Learning Companies 2021
FEATURE | By Cynthia Harvey,
September 22, 2020
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.
Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.
Advertise with Us
Property of TechnologyAdvice.
© 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this
site are from companies from which TechnologyAdvice receives
compensation. This compensation may impact how and where products
appear on this site including, for example, the order in which
they appear. TechnologyAdvice does not include all companies
or all types of products available in the marketplace.