Internal Breaches Biggest Threat

Wednesday, February 19, 2014 @ 04:02 PM gHale


Big news comes from companies getting attacked by nation states or by a big organized hacking group, but the types of attacks that don’t get any publicity comes from insider threats.

U.S. businesses suffered through 2,560 internal security breaches per working day over the past 12 months, which adds up to 660,000 total, a new report said.

RELATED STORIES
Report: Execs Still Lack Security Understanding
Senior Mgt Biggest Security Violators
SMBs Not Really Security Aware – Yet
Firms Average 9 Targeted Attacks a Year

Despite this regular occurrence, only 17.5 percent of IT managers consider insider threats to be in their top three security priorities, according to the report by security software provider IS Decisions.

Internal security is a greater challenge for larger organizations, with 40 percent of businesses of over 500 employees having had internal security breaches in the last year, according to the report entitled “The Insider Threat Security Manifesto: Beating the threat from within.” It also reports IT professionals’ attitudes toward insider threats in the UK, where the trend was pretty much the same with 21 percent voicing concern despite over 300,000 internal security breaches in the last year.

Insider threats continue to be a relatively low priority for IT professionals, with concerns about the threats of viruses (67 percent), data loss (47 percent) and hacking (39 percent) remain top of mind. Yet the numbers suggest the greatest source of data loss is in fact from employees. That shows IT professionals are not to look at their own internal structures seriously enough to address the issue.

The report also details what areas IT professionals are more concerned about in regard to internal threat, along with how well set up they are to manage the issue.

“It is human nature to see external sources as your greatest threat, and that coupled with the fact that insider threat is a complex issue to manage has led to IT professionals seemingly turning a blind eye to the issue,” said Francois Amigorena, chief executive of IS Decisions.

“These numbers, and the impact that the Edward Snowden case had last year, show clearly that internal security should be higher up the IT agenda. The reality is that it is a very considerable problem, but the good news is that there is a lot that IT departments can do to mitigate the risks. It’s a technology issue as well as a cultural one, and can be addressed from both of these angles.”



Leave a Reply

You must be logged in to post a comment.