A new Ponemon Institute study sponsored by software provider Varonis found that information security professionals in Germany are more confident about their threat protection capabilities than their counterparts in the U.S., U.K. and France.
The study, titled “Differences in Security Practices and Vigilance Across U.K., France, Germany and U.S.,” took a transnational view of software practices.
The Varonis Ponemon study surveyed a pool of 3,027 IT professionals, including 1,109 in the U.S., 670 in Germany, 655 in the U.K. and 593 in France. These experts were working for companies that vary widely in size and industry.
Key Takeaways From the Varonis Ponemon Study
Respondents from all locales included in the study agreed that irresponsible insiders pose a greater threat than external attackers or malicious insiders. From there, however, differences began to emerge.
Thirty-nine percent of IT professionals in Germany are confident their organizations enforce a “strict least privilege model,” meaning access to data is meted out “only on a need-to-know basis.” Comparatively, IT professionals in the U.S. (29 percent), France, (25 percent) and U.K. (23 percent) indicated much lower confidence levels.
Of the participants in the U.S., 82 percent said they had suffered data loss within the last two years. France ranked second in this category (80 percent), followed but the U.K. (76 percent) and Germany (64 percent).
Top Three Threats
Respondents from the U.S. and U.K. indicated that insiders posed the greatest security threat, followed by external fraudsters and malware. In fact, the percentages even broke down exactly the same way: Among respondents in both regions, 61 percent ranked insiders as the top threat, with outside cybercriminals (55 percent) and malware (47 percent) trailing close behind.
Sixty-seven percent of French respondents agreed that insider negligence was the greatest threat, with another 53 percent saying external criminals pose the second-greatest security threat. At 40 percent, malicious contractors ranked as the third-highest threat among French participants in the study.
Once again, Germany is the outlier. German IT professionals indicated that external cybercriminals seeking to compromise employee login credentials (66 percent) posed the greatest threat, followed by malware (46 percent) and nefarious contractors (41 percent). Insider negligence (36 percent) ranked fourth among German respondents.
“Cultural and business norms vary from country to country, especially in the balance between employee privacy and organizational security,” the study read. “This can affect attitudes, preparedness and resistance to insider threats and cyberattacks.”
Principal, PBC Enterprises