IT departments biggest source of data leaks, says research

December 4, 2007 —

IT personnel are to blame in 30% of all data breach incidents, according to
research from security services firm Orthus.

The research monitored the ways users accessed, processed, stored and transmitted
information, including financial records and intellectual property.

Orthus monitored more than 100,000 hours of user activity over the last year
through its data leakage audit service. The software, installed on endpoints,
servers and terminal servers, records how sensitive information is removed from
the corporate infrastructure, providing time and date stamped visual evidence
of these data leaks.

Orthus found that IT departments were responsible for 30% of incidents. The
customer service department is also a common offender, responsible for 22% of
the incidents identified.

"The research proves the rule: the higher level of access privileges --
the greater the propensity for abuse," said Richard Hollis, managing director
of Orthus. "Companies need to address the insider as the primary threat
to their business. Until this is done, no real security can be achieved."

Computerworld UK