Lack of management support and the current economic climate are escalating a problem that has IT professionals in a pincer-like grip. As average employee knowledge increases and tools become smarter, network attacks by disgruntled employees are spiralling.
Security policies fail to adequately cover the problem, with WatchGuard Technologies systems engineering senior manager Sven Radavics attributing the increase to more tech-savvy employees.
"The primary reason for the growth in attacks is the added knowledge of the average employee, the wider accessibility of clever tools and the significantly increasing 'ease of use' of these tools," Radavics said.
"In the past if you wanted to 'hack' a system, you needed an incredibly in-depth understanding of the systems in use. Today, all you need to know is where to find the right tool and understand a few basics. Combine [that] with the consistent failure of most organisations to take security seriously, and a possible increase in desire [to inflict damage] caused by economic pain, and you have a situation that is spiralling out of control."
An employee at a systems integration and Internet services provider, who requested anonymity, said the company he works for, which is in the business of selling security policies, does not itself have a security policy in place.
"It is something that I am concerned about, but I'm not sure that my employer is," he said, labelling the attitude as one of "fly by the seat of our pants".
"The emphasis to date has been that security is equivalent to firewalls, which I believe is wrong. Security is also about physical access to infrastructure, knowledge that employees have about the company and the whole social engineering aspect of choosing good passwords and not giving them out.
"Also, you must not forget the security risk of a disgruntled employee providing inside information to an outsider."
Newly appointed regional director at Check Point, Scott Ferguson, labels the employee or ex-employee security threat as "disgruntled inside-outers".
"This whole issue surrounding disgruntled inside-outers is most obvious within the IT industry as we go through a period of rationalisation and redundancies," Ferguson said.
He said it should be a boardroom issue, but historically it is an issue that has been left to IT to deal with.
While implementing IT infrastructure is generally an IT manager's role, introducing a culture of security is far more complex, requiring CEO support.
"IT managers are in a position to work with the chief security officer and be a key adviser to the CEO in crafting the policy," he said.