IT and security professionals think normal people are just the worst

Two surveys of IT and security experts suggest they put most of the blame for data insecurity at the feet of ignorant, careless employees.
Written by Chris Matyszczyk, Contributing Writer

To survive in this world, you have to have someone to blame.

If you decide everything's your fault, you'll find yourself in a mental mire from which it's almost impossible to emerge.

My torrid views are confirmed by two studies that have descended just above my sensitive MacBook butterfly keyboard.

One, courtesy of SaaS operations management platform BetterCloud, offers grim reading.

91 percent of the 500 IT and security professionals surveyed admitted they feel vulnerable to insider threats.

Which only makes one wonder about the supreme (over-)confidence of the other 9 percent.

Is there any slight corner of the online firmament that's totally secure? Every time a company tells us how important security is to it, the words dribble out shortly -- or, often many, many months -- after a security breach.

Is it, though, that IT and security professionals aren't good enough -- or that their task is impossible?

Not quite, it seems. In this survey, a fulsome 62 percent believed the biggest security threat comes from ordinary employees just trying to get through their day. Or, as the survey describes them: "the well-meaning but negligent end user."

It's heartening to imagine that IT and security professionals are neither well-meaning nor negligent.

Still, the vast majority of these 500 -- 75 percent -- believed the biggest holes for the careless are in cloud storage "solutions" such as Google Drive, Dropbox, Box and OneDrive. Email -- Gmail, Office 365 are mentioned -- is a vast problem too.

Perhaps, I thought, these were just particularly disheartened, grisly IT and security professionals.

The Forlorn 500.

Yet now I've been confronted with another survey. This one was performed by the Ponemon Institute at the behest of security-for-your-security company nCipher. Its sampling was depressingly large.

5,856 IT and security professionals from around the world were asked for their views of corporate IT security. They seemed to wail in unison at the lesser and more unwashed.

Oh, an objective 30 percent insisted that external hackers were the biggest cause for concern. A teeth-gritting 54 percent, however, said the most extreme threat to corporate IT security came from employee mistakes.

You halfwitted ordinary people. Don't you see how you're destroying the fine work of these experts? They're doing it for your own good -- well, for the corporation's own good. And all you can do is take their fine work and tread all over it as if it were a carelessly discarded ice-cream cone.

I was, though, enchanted that 21 percent of these IT and security experts pointed their fingers at malicious insiders.

Could it be that many corporations are hiring those who, deep in their bones, wish them great ill? Or do they develop this wish after a few months and years working for the corporations?

Some might chuckle that the respondents worried very little about government eavesdropping.

But there's little reason to chuckle here, is there? A vast technological system has been built and the nerds behind it seem to have forgotten they'd be relying on normal people to be its everyday guardians.

The US, it seems, is relatively advanced in enterprise encryption strategies. Only Germany, at 67 percent, leads our 65 percent adoption rate.

I pause for your patriotic cheers, before slowly bringing you back to reality's grime.

This survey found that the least likely data type to be encrypted was, goodness, health-related information.
