The more money that companies spend on securing their IT operations from external attack, the more it seems they become aware that the potential threat posed by their own employees remains their most significant risk.
A new study published by consultants Deloitte on Tuesday finds that financial services companies -- among the most advanced and deep-pocketed consumers of security technologies in the world -- are still struggling with how to handle the insider threat, despite all the cash they're dropping on those technologies.
In the survey of 100 global financial services firms, Deloitte found that 91 percent of those questioned were concerned about their inability to respond to insider threats, while 79 percent were willing to cite "the human factor" as the root cause of a majority of their security issues.
Despite that and all the different types of security tools companies have adopted, the survey found that 22 percent of the companies interviewed hadn't provided any new security training to their workers in the past year, and only 30 percent indicated a belief that their current employees were skilled enough to respond to an emerging security crisis.
The apparent lack of faith in their ability to control the insider threat shows that many businesses are aware that they are only just beginning to tackle the problem, the report's authors said.
"The contradictory findings highlight the security paradox financial institutions are facing," Mark Steinhoff, leader of the firm's financial security and privacy services practice, said in the report. "Security training and awareness, along with access and identity management -- of employees, clients, and suppliers alike -- are among organizations' top initiatives this year as they fight to keep pace with the ever-changing threat landscape."
Beyond training, more companies are also enlisting the help of additional security systems aimed specifically at thwarting internal attacks and preventing accidental data breaches.
In addition to tools that offer the ability to track IT systems usage more comprehensively -- and create electronic paper trails that give forensics experts a string of clues when investigating any misbehavior or mistake -- enterprise organizations claim that they are also blending physical and IT security to stay abreast of what their workers are up to.