 |
|
|
1 June 2010
The Insider Threat - How Real Is It
Written by Ron Penna
There always seems to be some debate between if insiders or hackers are really the greatest cause of information security breaches. What are the facts?
According to a mid 2009 study, eighty percent of chief information security officers (CISOs) believe that employees and contractors present a greater threat to their data than hackers.1 Only 18 percent of the respondents considered hackers a greater threat.
Yet in a study of publically disclosed data breaches that occurred between 2000 and 2009 about two thirds of all breaches were sourced from outside the organization. 31 percent caused by insiders.
In looking at these seemingly conflicting reports, it is possible to reconcile them with a bit of common sense and analysis. At the RSA conference in 2008 a survey was conducted of information security professionals. In that report it was discovered that only about 11 percent of data breaches are actually reported. So the term “publically disclosed” represents only a small slice of all actual breaches.
What breaches might organizations not want to report? It is commonly believed that breaches that involve insiders are not disclosed nearly as often as breaches involving outside sources such as hackers. Our culture has been trained to say “Those darn hackers…they have amazing skills. What chance did the company really have against them?” We don’t take the same approach with insider breaches. We blame the company. Where did their policies and procedures break down? How poor are their hiring practices? How could the insider get away with this? We have little tolerance for breaches being caused by insiders. As a result, companies are less likely to disclose when a breach occurs as a result of an insider.
Data breaches are disclosed due to data breach disclosure laws that have been passed in nearly all 50 states. A breach must be disclosed when specific types of personal information on employees or customers are exposed or compromised. This usually includes a full name and something like a social security number, driver’s license number or some other private information that could be used to commit identity theft. What about breaches where a business client database is extracted, intellectual property theft occurs or a variety of other breach types that do not include customer or employee sensitive data? These are still very serious data breaches, usually orchestrated by insiders and often not disclosed.
But what about those data breaches that were publically reported? Even these statistics can be misleading. For example, a hacker accesses and compromises an organizations public email server through vulnerability exploit. This would naturally be classified as a breach from an “outside” source. But what if the IT administrator had been derelict in his duties and not run vulnerability scans or patched the system for over a year. Can’t we associate part of the reason why this system was compromised to insider negligence?
This same logic can be applied to employees who have their mobile devices stolen that may have sensitive data on them. Did the employee leave it someplace they shouldn’t? Was the employee authorized to have sensitive data on the laptop in the first place?
When a true analysis is performed, one finds that actually insiders are the cause, or significantly contribute to the vast majority of data breaches that occur. Yet the technologies that most organizations use to mitigate the threat of a data breach do not take the insider into account.
Awareness Technologies is an all-in-one endpoint security agent that specifically solves the problem around insider threats. With core features such as data loss prevention, web filtering, employee recording and monitoring, and asset tracking and recovery, you can mitigate the greatest risk your organizations has…Insiders. The Awareness Technologies solution requires no hardware or hassle. It is all managed from a central SaaS based web portal. The agent can be loaded on any system, anywhere giving you complete control and visibility.
Data breaches cost millions of dollars in forensic investigation, identity protection services, customer disloyalty, profit losses, fines, class-action lawsuits, stock price drops, and much more. Ensure your company is using Awareness Technologies to close the biggest gap all companies have. Insiders are by far the great cause of information security breaches. Now you can control that risk.
|
|
|
|
|
|
|
|
|
|
