IT workers blame employees for the biggest security vulnerabilities

Have you tried turning it off and on?

Two new studies confirm every computer dunce’s worst fears: IT professionals (i.e. the technological bedrock of corporate America) blame the employees they’re bound to help for their computer problems — at least when it comes to security.

A column for ZDNet synthesizes the findings of two new surveys about what IT professionals consider the biggest security threats. Overwhelmingly, the people tasked with protecting our corporate digital lives fear the potential for the bumbling mistakes of their charges above all else.

In the first survey, from BetterCloud, 62 percent of over 500 surveyed IT workers say that “the biggest security threat comes from well-meaning but negligent end users.” That means that our weak passwords and naive unknown email clicking keeps your IT guy up at night; we are but chimps whacking aimlessly at our machines, every keystroke a potential moment of disaster.

The second survey paints a similar picture. This one, a Cipher-commissioned survey from Ponemon Institute, picked the brains of over 5,800 IT workers. One of its top takeaways was that 54 percent of IT professionals globally “rank employee mistakes as the top threat to sensitive data.” We are our own worst enemies!!

Of course, the IT guys and gals have a point. Multiple surveys point to human error as a leading cause of security and data breaches. A lot of these surveys do come from companies who are conveniently selling cybersecurity tools and training. But, c’mon, we all know Karen in HR is the real problem.

I asked one IT worker who wished to remain anonymous what they thought of the surveys, and they took a kinder tact. Ultimately, they said, it’s an organization’s responsibility to invest the resources necessary to create strong security infrastructure with up-to-date tools and proactive security monitoring that can withstand user error.

“While end-user actions, and inactions, are generally the point of failure in security practices, it’s unfair to highlight fault at the user or device level,” the IT professional said. “The end user may open a door allowing for threats but it’s the role of IT strategists to prevent that as an option.”

Guys, they really are here for us! But even if your IT team is on the ball, do your friendly neighborhood IT guy a favor and make a strong password, and stop clicking on emails from Nigerian princes. 

Oh, and, when times get tough for the IT team, you can always give them a hug. They love that.