Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

A Fifth Of Commercial IT Attacks Come From Insiders

Imperva : 11 February, 2011  (Technical Article)
CyberSecurity Survey reveals that over 20% of attacks on organisation's IT systems originate from people who have some form of authorised access, whether as employees or contractors
The recently published 2011 CyberSecurity Watch Survey claims to show that 21 per cent of attacks on organisations are caused by insiders.

And, says Amichai Shulman, chief technology officer with data security specialist Imperva, the report also points out that the percentage of those viewing the insider attacks as more costly is up this year (33 per cent) on the 25 per cent reported last year.

"The report is also very interesting as it defines an insider as being an employee or contractor with authorised access, as well as noting that these types of attacks are becoming more sophisticated, where the user employs different Rootkits and hacking tools" he added. This is a significant shift, as so far insider attacks used to rely on very simple techniques and tools (available with any work station).

The Imperva CTO went on to say that there is a greater problem here that flies in under the radar, and does not seem to be included in the statistics.

This, he explained, centres on the threat of the individual who has no deliberate intention to cause the company any damage. Rather, the insider threat is mostly caused by an employee that collects information rightfully over time and the information is not removed when the employee leaves the company.

The danger here, says Shulman, is when the employee re-uses that data at their next place of employment, or, as sometimes happens, the data `leaks' from the employee's own computer.

Imperva's own street survey of over 1,000 UK employees found that 85 per cent of employees carry corporate data in their home computers or mobile devices, he said.

And, he added, 79 per cent of those surveyed revealed that their organisation does not have - or the employee is unaware of - any policy to remove company data from their laptop or other portable device when they leave the company.

Against this backdrop, Shulman recommends that, whilst companies scurry around to defend their digital assets against the apparent insider threat, they need to also need to defend against those members of staff who plan to take data with them when they move on to another organisation.

"Approaching a review of a company's security policies and controls from this angle means that the process is not as futile as some professionals think it is, but rather assesses and prioritises the largest risks in a logical manner," he added.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo