
Accidental insider security incidents more frequent than malicious attacks

26 August 2009

Accidental security incidents caused by company insiders are more frequent and could potentially have a greater impact on information security than malicious insider attacks, according to research by IDC, commissioned by RSA.

The survey of 400 chief experience officers (CXOs) in the UK, France, Germany and the USA found that the insider security threats that caused the largest number of incidents, such as unintentional data loss through employee negligence, and those with the greatest financial impact, for example out-of-date or excessive privileges and access control rights for users, were accidental.

The white paper, Insider Risk Management: A Framework Approach to Internal Security, shows that the majority of CXOs give higher priority to protection against malicious insider attacks over investing to prevent the more frequent, and potentially more harmful, accidental insider security incidents.

Christopher Young, senior vice president of RSA Products, said: “Internal risks are growing and to remain competitive, CXOs must change the way they defend their business and expand security priorities to address the heightened need for protection from risk both intentional and accidental from an insider.

“CXOs must adopt a holistic strategy to mitigate insider threat that focuses on protecting critical information from misuse, leakage and loss by internal users, whether accidental or deliberate”, he added.

The survey also found that the greatest source of insider threat came from contractors and temporary employees. The average annual financial loss from insider risk was nearly US$800 000 in the IT outsourcing industry.

The research into insider security risks found that while 93% of respondents were responsible for security decisions within their organisations, almost 82% were not clear on the source of their company’s insider risk and could not precisely pinpoint or quantify the nature of the financial impact.

This was despite the fact that 52% of the surveyed companies characterised their insider threat incidents as predominantly accidental. Only 19% believed insider security threats were deliberate, whereas 26% believed it was an equal combination. Three percent were unsure.

Over the last year, the 400 respondents have seen 6244 incidents of unintentional data loss, 5830 malware and/or spyware attacks from within the organisation, and 5794 incidents of risks created by excessive privilege and access control rights.

Almost 40% of the respondents said they plan to increase spending on initiatives to reduce internal security risks over the next year – only six percent will decrease spending.
