A recent survey of 317 IT security professionals found that 49 percent are more concerned about internal threats than external threats.
The survey, conducted by Dimensional Research and commissioned by Preempt, also found that the top concerns about insider threats are malware installed by careless employees (73 percent), stolen or compromised credentials (66 percent), stolen data (65 percent), and abuse of admin credentials.
The vast majority of respondents (87 percent) said they're more concerned about naive individuals who bend the rules to get their job done, while just 13 percent are more concerned about malicious insiders who actually intend to do harm.
Fully 91 percent of respondents said insiders have access to systems they shouldn't, and 70 percent said they're unable to monitor privileged user activities effectively.
"Intentional or not, insider threats are real," Preempt co-founder and CEO Ajit Sancheti said in a statement. "From Snowden to the FDIC, headlines continue to emerge and we need to take a new approach to get ahead of insider threats. Without real-time prevention solutions and improved employee engagement, these threats will not only increase but find more sophisticated ways to infiltrate and navigate a network."
While fully 95 percent of respondents provide some form of end user security training, just 10 percent believe that training is very effective.
Eighty-one percent of respondents said end users are willing to learn, but just 25 percent said they're willing to put in the effort necessary to do so. Still, 66 percent said they see value in providing real-time training and feedback when an end user does something they shouldn't.
Separately, a Kaspersky Lab survey of more than 4,000 companies from 25 countries found that the top causes of serious data breaches were careless or uninformed employee actions (59 percent) and phishing or social engineering (56 percent).
In the past 12 months, fully 43 percent of respondents experienced data loss as a result of a breach.
"The survey results indicate the need for a different view on the growing complexity of cyber threats. ... The most important finding is the companies' points of vulnerability: threats like employee carelessness and data exposure due to inappropriate sharing [or] device theft," Kaspersky Lab vice president for enterprise business Veniamin Levtsov said in a statement.
"Such challenges cannot be addressed by a technology or algorithm, instead they require better employee awareness and regular training," Levtsov added.
A recent eSecurity Planet article examined the importance of providing user security training.
Photo courtesy of Shutterstock.