One fifth of data breaches result of insider issues says report

According to the KPMG data loss barometer report, which is billed as analysing IT security issues worldwide, a fifth of reported data loss incidents in the first half of 2010 came from malicious attacks inside the organisation.

The growth of the threat, says the report, has been rapid, rising from just 4% of all incidents in 2007, to 20% this year. And to put these percentiles in perspective, KPMG says that, since 2007, some 23 million people globally have been affected by data breaches involving the threat of a malicious insider.

Commenting on the figures, Malcolm Marshall, head of the information security practice at KPMG UK, said that the recession may have played its part in driving up the increase in malicious insider data loss incidences, as data becomes an increasingly valuable commodity.

But the alternative, he says, is that as organisations get wiser to the tactics of hackers, then criminals may be tempting staff to pass on valuable information - "hence the massive growth in the insider threat", he said.

As previously reported by Infosecurity, the KPMG report says that healthcare data breaches are definitely on the rise - in the first six months of 2010, just over a quarter of all reported incidents were in the healthcare sector with almost 4 million people affected.

The report adds that the healthcare sector is closely followed by government, which accounted for a fifth of all incidents this year.

And within government, KPMG says that almost 40% of incidents involved a third party.

The study also noted that hacking remains the biggest threat of data loss, with almost a quarter of a billion people affected by it since 2007.

The lure of financial gain, says the research, along with corporate espionage and terrorism provide the main motivation behind hacking attacks.

According to Marshall, 2011 and beyond will undoubtedly see the data theft threat continue to grow - Stuxnet is seen as the first `weaponised cyber-attack' and it has upped the game in terms of the level of sophistication.

"It will only be a matter of time before similar techniques are developed by criminal gangs. The likely result is broader general security breaches and increasingly large direct financial losses", he said.

Marshall adds that the fear of tougher sanctions, regulatory developments and negative publicity, meanwhile, appears to have increased the awareness of the need to protect vital information.

"But as cyber wars begin to take hold as a threat, and criminals constantly seek new ways of infiltrating systems, businesses and individuals alike need to ensure the security of their data is given utmost priority", he noted.

What’s Hot on Infosecurity Magazine?