Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Cisco investigates insider threat phenomenon

Cisco : 21 November, 2008  (Technical Article)
With insider threats being the most significant source of data loss for companies, Cisco details the origin and reason for the threat
Cisco has issued the third and final set of findings from its global security study on data leakage, shedding light on the employee 'insider threat' to corporate information. The latest security findings compare the information technology profession's biggest concerns around employee risk with the reality of employees' behaviour, which regardless of whether it's inadvertent or malicious, can impact company brands and cost businesses a fortune.

Conducted by InsightExpress, a US market research firm, the security study was commissioned by Cisco to assess the implications of data leakage as businesses become more collaborative, mobile and distributed. The latest findings round out previously published research on employee data leakage mistakes and corporate security policies. All three sets of security findings are drawn from surveys of more than 2,000 employees and IT professionals in 10 countries: the United States, the United Kingdom, France, Germany, Italy, Japan, China, India, Australia and Brazil.

'The blending of work vs. home and public vs. private means that data can be accessed, transmitted, stored and stolen from anywhere at any time,' said John Stewart, chief security officer of Cisco. 'As a result, the approach to data protection must change. From the largest corporate enterprise to the youngest consumer, we all share the responsibility to maintain awareness and discipline in protecting information. As we've said all along, this research presents an opportunity to evolve security toward a necessary combination of education, policy and technology.'

Such change begins with IT, Stewart added, particularly with the perception of employees' behavioral impact on data loss. One of the study's most noteworthy findings is IT's widespread belief that employees are becoming more cognizant of security risks and are more diligent in protecting data. For example, four of every five IT professionals in China and one of every two in France believe their employees have become more committed to protecting corporate information over the past few years.

But the research suggests a different story, casting light on one of its most sobering findings: While the majority of security threats exist outside an organization, the study shows that the 'insider threat,' whether it's accidental or malicious, can be as prevalent as any external source.

Understanding the Insider Threat:.

* Internal vs external threats: The majority of IT professionals believed their employees posed a more serious threat to data security than outsiders. About two in five (39 percent) perceive negligence among employees as the main reason, and one in five pointed to disgruntled workers as data security risks.

* Portable hard drives: One in three IT respondents said portable hard drive devices are their top concern for how data is leaked - more than email (25 percent), lost or stolen devices (19 percent), and verbal communication with non-employees (8 percent).

* Lost or stolen devices: About one in 10 employees lost or had a corporate device stolen in the year leading up to the study, creating a data loss incident for themselves and their companies.

* Stealing and selling information and devices: One in 10 employees (11 percent) admitted stealing data or corporate devices, selling them for a profit, or knowing fellow employees who did. This finding was most prevalent in France, where one in five (21 percent) employees admitted knowledge of this behaviour.

* Keeping devices after leaving a company: Some employees admitted keeping their corporate devices and information after leaving their jobs, and their reasons varied from personal to vindictive: 'I needed the device for personal use'; 'I wanted to get back at my company'; and 'The company won't find out.'

'We speak about intellectual property as the most important data set to protect, whereas the highest cost and impact is when an organisation loses customer data,' Stewart said. 'If you think about it, it's the most important data to protect in an organisation because it isn't yours. You are just a guardian and customers rely on your diligence to protect their information.

'Employee data, which almost all organisations have somewhere, is an additionally important data class as we want those who work for and with us to rest assured that their personal information is secure and safe,' Stewart added. 'And of course, intellectual property data is clearly valued and many times proprietary. In all cases though, data loss can undermine a company's brand, ruin competitive advantage, impact shareholder value, erode customer trust, and jeopardise vital partnerships.'

Stewart noted that companies can take a number of recommended steps to minimise risk and contain the costs associated with data loss.

* Identify the data that needs to be protected.
* Make no assumptions that employees know what data to protect.
* Integrate corporate entities into the same security culture.
* Provide the same security education on behaviour, policy and safety everywhere.
* Keep in touch with employees and their jobs.

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo