We've seen the stats before, but a new Network World investigation into insider threats to corporate networks found some startling conclusions. The people who know the network best are at least somewhat likely to be the ones who try to steal data, set up secret access, plant logic bombs or simply snoop around. Scary stuff. Another stat to ponder:
Insiders participate in 48 percent of all data breaches according to Verizon's 2010 Data Breach Investigations Report, an analysis of 275 data-breach cases that occurred in 2009. This figure is up from 26 percent the previous year.
The Verizon report points out that external agents, such as hackers, are responsible for stealing far more records than insiders. Nonetheless, most insider cases - 90 percent - are deliberate, malicious and involved misuse of privileges. Employees often get more privileges than they need to perform their job duties, with monitoring usually insufficient. Another finding is that 24 percent of crime tied to internal agents was associated with those undergoing a job change including being fired, resigning, newly hired or changing roles within an organization. Luckily, the article gives plenty of real-world examples of how large organizations are coping with the threat. It also outlines a few of the products and services that can help keep an eye on the people who are keeping an eye on the network. Fighting threats from beyond the firewall is hard enough. Fighting threats from the next cubicle is a serious pain. -- Don Willmott