Home : Security : News

Businesses should focus on the ‘accidental’ insider threat

Most insider data losses are accidents rather than malicious attacks.

By Asavin Wattanajantra, 25 Aug 2009 at 11:25

The so-called insider threat is more likely to be an accident than a malicious attack, according to IDC research.

More than half (52 per cent) of organisations described their insider threat incidents as most likely to be accidental, according to a survey. Just the 19 per cent believed that incidents were mostly deliberate.

IDC warned companies against making malicious insider attacks their priority, as accidents could be more damaging.

Insider risk is where employees are the cause of damage to a company because of access to confidential data or important IT systems.

The RSA-sponsored survey also said that 82 per cent of decision makers didn't know whether incidents involving contractors were more likely to be accidental or deliberate.

“One of the key challenges a lot of these organisations have when they are dealing with contractors or temporary employees is that you have to give them access to systems,” said Chris Young, senior vice president for RSA products, speaking to IT PRO.

“But when they leave, it’s not always so simple in terms of revoking access or credentials, because of the number of systems these people might get access to over the course of engagement with an organisation.”

In the past 12 months the 400 respondents admitted to 6,244 incidents of data loss, as well as 5,830 malware or spyware attacks from within the enterprise.

The total number of security incidents was 57,485, with 40 per cent of businesses planning to increase spending this year.

Email to a friend

Print this page

< Previous Security : News Next >

1 comments

You need to Login or Register to comment.

Human Error is Largely Preventable

Most companies enjoy “security” insofar as they haven’t been targeted, or had an employee make a human error with catastrophic exposure. Price Waterhouse Cooper and Carnegie-Mellon’s CyLab have recent surveys that show the senior executive class to be, basically, clueless regarding IT risk and its tie to overall enterprise (business) risk. Data breaches and thefts are due to a lagging business culture – absent new eCulture, breaches will, and continue to, increase. As CIO, I’m constantly seeking things that work, in hopes that good ideas make their way back to me - check your local library: A book that is required reading is "I.T. WARS: Managing the Business-Technology Weave in the New Millennium." It also helps outside agencies understand your values and practices.
The author, David Scott, has an interview that is a great exposure: www.businessforum.com/DScott_02.html -
The book came to us as a tip from an intern who attended a course at University of Wisconsin, where the book is an MBA text. It has helped us to understand that, while various systems of security are important, no system can overcome laxity, ignorance, or deliberate intent to harm. Necessary is a sustained culture and awareness; an efficient prism through which every activity is viewed from a security perspective prior to action.
In the realm of risk, unmanaged possibilities become probabilities – read the book BEFORE you suffer a bad outcome – or propagate one.

By Ip_johnfranks999 on Tuesday Aug 25

Latest Security Analysis & Insight

What is your password worth?

Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.

More Security Analysis & Insight

Latest Security Reviews

Check Point 2210 Appliance review

Rating:

Check Point's new 2200 Appliances combined enterprise level network security with an SMB price tag. Its software blades provide a wealth of features, but do they complicate deployment? Read this exclusive review to find out.

More Security Reviews