Identifying the source of corporate threats
The Verizon Business RISK team recently released its "2009 Data Breach Investigations Report," which gives a fresh look into the question of whether insiders or outsiders are the larger threat group. The report concludes that 74% of breaches result from external sources and "the predominance of total records lost was attributed to outsiders."
[ Slideshow: Worst moments in network security history. ]
With nearly three-quarters of attackers still originating from outside, it is tempting to accept the inside threat as a lesser concern. Later, however, the report states external breaches have dropped nearly 20% over five years. The growth in threats seems to come from partners rather than insiders. Or can we really tell?
This question is something everyone should ask themselves, whether they store, process or transmit personal identity information. When looking at the data and conclusions of breach reports, it is important to consider several factors before accepting conclusions or taking a security posture.
First, the incident-response-team perspective does not reflect every environment or industry. Verizon provides data on only 600 incidents over five years, whereas public resources and research groups suggest 573 incidents occurred in 2008 alone and close to 1,500 occurred over the past five years. What happens if we include all other data points, or estimate the number of unreported breaches, or isolate breaches by industry?
Second, data points themselves remain blurry. External and internal threats often are not exclusive. External agents often include an element of insider activity. There are a number of reasons for this, such as the sophistication of monitoring at the perimeter compared with that at internal segments.
Note that the Verizon report defines insider threat to include individuals who "contribute to the breach" by picking up malware while browsing. With that in mind, 11% of all attacks are attributed to internal breaches alone, with no known external component involved. However, 39% of breaches involve multiple sources. The combined total of attacks involving insiders is therefore actually 50%. Furthermore, the 11% of attacks exclusive to insiders translates into 25% of all compromised records. When you consider this, the threat represented by insiders appears to increase substantially above 50%.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
