Accidental insider security incidents more frequent than malicious attacks

26 August 2009

Accidental security incidents caused by company insiders are more frequent and could potentially have a greater impact on information security than malicious insider attacks, according to research by IDC, commissioned by RSA.

The survey of 400 chief experience officers (CXOs) in the UK, France, Germany and the USA found that the insider security threats that caused the largest number of instances, such as unintentional data loss through employee negligence, and those with the greatest financial impact, for example out-of-date or excessive privileges and access control rights for users, were accidental.

The white paper, Insider Risk Management: A Framework Approach to Internal Security, shows that the majority of CXOs give higher priority to protection against malicious insider attacks than to investing to prevent the more frequent, and potentially more harmful, accidental insider security incidents.

Christopher Young, senior vice president of RSA Products, said: “Internal risks are growing and to remain competitive, CXOs must change the way they defend their business and expand security priorities to address the heightened need for protection from risk both intentional and accidental from an insider.

“CXOs must adopt a holistic strategy to mitigate insider threat that focuses on protecting critical information from misuse, leakage and loss by internal users, whether accidental or deliberate”, he added.

The survey also found that the greatest source of insider threat came from contractors and temporary employees. The average annual financial loss from insider risk was nearly US$800 000 in the IT outsourcing industry.

The research into insider security risks found that while 93% of respondents were responsible for security decisions within their organisations, almost 82% were not clear on the source of their company’s insider risk and could not precisely pinpoint or quantify the nature of the financial impact.

This was despite 52% of the surveyed companies characterising their insider threat incidents as predominantly accidental. Only 19% believed insider security threats were deliberate, whereas 26% believed it was an equal combination. Three percent were unsure.

Over the last year, the 400 respondents have seen 6244 incidents of unintentional data loss, 5830 malware and/or spyware attacks from within the organisation, and 5794 incidents of risks created by excessive privilege and access control rights.

Almost 40% of the respondents said they plan to increase spending on initiatives to reduce internal security risks over the next year – only six percent will decrease spending.

 
