
Accidental insider security incidents more frequent than malicious attacks

26 August 2009

Accidental security incidents caused by company insiders are more frequent and could potentially have a greater impact on information security than malicious insider attacks, according to research by IDC, commissioned by RSA.

The survey of 400 chief experience officers (CXOs) in the UK, France, Germany and the USA found that the insider security threats that caused the largest number of incidents, such as unintentional data loss through employee negligence, and those with the greatest financial impact, for example out-of-date or excessive privileges and access control rights for users, were accidental.

The white paper, Insider Risk Management: A Framework Approach to Internal Security, shows that the majority of CXOs give higher priority to protection against malicious insider attacks than to investing to prevent the more frequent, and potentially more harmful, accidental insider security incidents.

Christopher Young, senior vice president of RSA Products, said: “Internal risks are growing and to remain competitive, CXOs must change the way they defend their business and expand security priorities to address the heightened need for protection from risk both intentional and accidental from an insider.

“CXOs must adopt a holistic strategy to mitigate insider threat that focuses on protecting critical information from misuse, leakage and loss by internal users, whether accidental or deliberate”, he added.

The survey also found that the greatest source of insider threat came from contractors and temporary employees. The average annual financial loss from insider risk was nearly US$800 000 in the IT outsourcing industry.

The research into insider security risks found that while 93% of respondents were responsible for security decisions within their organisations, almost 82% were not clear on the source of their company’s insider risk and could not precisely pinpoint or quantify the nature of the financial impact.

This was despite the fact that 52% of the surveyed companies characterised their insider threat incidents as predominantly accidental. Only 19% believed insider security threats were deliberate, whereas 26% believed it was an equal combination. Three percent were unsure.

Over the last year, the 400 respondents have seen 6244 incidents of unintentional data loss, 5830 malware and/or spyware attacks from within the organisation, and 5794 incidents of risks created by excessive privilege and access control rights.

Almost 40% of the respondents said they plan to increase spending on initiatives to reduce internal security risks over the next year – only six percent will decrease spending.
