INSIDERS: ANALYSIS AND POSSIBILITIES OF INTERNAL THREATS RISK MITIGATION

Gliner Dias Alencar, Anderson Apolonio Lira Queiroz, Ruy José Guerra Barretto de Queiroz
DOI: https://doi.org/10.5329/RESI.2013.1203006

Abstract

In our current globalized and highly competitive world, information is one of the most valuable organizational assets. In this context, information security has become a constant concern. To achieve reliable levels of security, many companies have invested primarily in technology and processes, forgetting the people who necessarily work with these technologies and run these processes. Those people can also become threats. To address this gap, focusing in particular on people as an internal threat (insiders), this study investigated the current situation and trends in information security. Through a questionnaire applied to public and private companies in Recife and the surrounding area (called, in this study, Greater Recife), aspects of information security were analyzed with a focus on internal threats. The study established that, in general, information security has a low level of maturity, is not aligned with the business, and plays a simplistic role of only seeking protection against external threats. In this vulnerable environment, the active participation of internal threats was noticed. The situation is worse in the public sector. Finally, the work proposes actions to mitigate internal threats involving a broader view of information security, so that people are seen as another layer of security and not just a vulnerability.

Keywords

information security; human vulnerabilities; internal threats; layered security; user awareness and education

