I’m always suspicious when someone selling security services tries to tell me how serious a particular security problem is. For the latest case in point, see this week’s Computerworld:
A recent study sponsored by Risk Control Strategies, a threat management and risk assessment firm, found that an overwhelming majority of 223 security and human resources executives who manage between 500 and 900 employees said workplace violence is a bigger problem now than it was two years ago. As a result, 23% said employees have intentionally and maliciously downloaded viruses over the past 12 months.
That seems really, really high to me, and it makes me doubt the rest of the study as well. If this sort of deliberate virus attack were really happening all that often, wouldn’t you think we would hear more specific examples? Wouldn’t some people have been arrested? I have no data to back this up, but it sure seems more logical that viruses attack organizations because the underlying security systems are faulty and users haven’t been trained in how to avoid risky behavior.
I found the original report (undated but apparently published earlier this year). It claims that in the same sample of businesses, approximately 65% had one or more employees who made verbal threats against senior management in the last 12 months and 36% had experienced “electronic assault/death threats to senior management.” I know the world has gone mad and all that, but I have a hard time believing there are that many psychos in the world.
I definitely don’t want to minimize the problem, but it is noteworthy that this company has a very full menu of (presumably very expensive) services designed to reduce workplace violence.
(via Techdirt)
Ed Bott 