Identifying the source of corporate threats
The Verizon Business RISK team recently released its "2009 Data Breach Investigations Report," which gives a fresh look into the question of whether insiders or outsiders are the larger threat group. The report concludes that 74% of breaches result from external sources and "the predominance of total records lost was attributed to outsiders."
[ Slideshow: Worst moments in network security history. ]
With nearly three-quarters of attackers still originating from outside, it is tempting to accept the inside threat as a lesser concern. Later, however, the report states external breaches have dropped nearly 20% over five years. The growth in threats seems to come from partners rather than insiders. Or can we really tell?
This question is something everyone should ask themselves, whether they store, process or transmit personal identity information. When looking at the data and conclusions of breach reports, it is important to consider several factors before accepting conclusions or taking a security posture.
First, the incident-response-team perspective does not reflect every environment or industry. Verizon provides data on only 600 incidents over five years, whereas public resources and research groups suggest 573 incidents occurred in 2008 alone and close to 1,500 occurred over the past five years. What happens if we include all other data points, or estimate the number of unreported breaches, or isolate breaches by industry?
Second, data points themselves remain blurry. External and internal threats often are not exclusive. External agents often include an element of insider activity. There are a number of reasons for this, such as the sophistication of monitoring at the perimeter compared with that at internal segments.
Note that the Verizon report defines insider threat to include individuals who "contribute to the breach" by picking up malware while browsing. With that in mind, 11% of all attacks are attributed to internal breaches alone, with no known external component involved. However, 39% of breaches involve multiple sources. The combined total of attacks involving insiders is therefore actually 50%. Furthermore, the 11% of attacks exclusive to insiders translates into 25% of all compromised records. When you consider this, the threat represented by insiders appears to increase substantially above 50%.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
