Information Rights Management Monitor: Survey: Insider attacks cause more damage than outside assault

Information Rights Management Monitor: Survey: Insider attacks cause more damage than outside assault.

The debate continues about outsider vs. insider attacks. Which are more prevalent? Which are more costly?

A recent survey conducted by SCO Magazine and sponsored by Deloitte, claims that:

58 percent of attacks are caused by outsiders and only 21% by insiders. At the same time, however, 33% view the insider attacks to be more costly than outside attacks, compared to 25% in 2010.

Now one might think that it’s in Deloitte’s interest to promote the growing threat of insider attacks because it’s an audit firm. However, I found this statistic to be interesting:

The authors noted that the public may not be aware of the number of insider events or the level of the damage caused because 70% of insider incidents are handled internally without legal action.

In my view, the difference between an outsider and an insider attack is narrowing if you define an insider as one who has authorized access. This is due to the increasing prevalence of botnet attacks which steal credentials. Thus an outsider becomes an insider. Of course, if the definition is based on the identity type of the attacker the difference between outsider and insider is clearer.

Therefore when planning your security defenses, it’s critically important to use an approach which starts with identifying the attacker types and their objectives. That’s why I like the SANS 20 Critical Security Controls for Effective Cyber Defense.

 

HP And The Scary Corporate Fifth Column Concept – Hacked Off – Dark Reading

HP And The Scary Corporate Fifth Column Concept – Hacked Off – Dark Reading.

Rob Enderle discusses employees leaking proprietary information to competitors. Rob focuses on Oracle’s efforts against HP, speculating that Larry Ellison’s hiring of Mark Hurd is part of a plan to acquire HP.

During a battle–competitive, political, or otherwise–detailed information about the other side’s strategy, weaknesses, and tactics can result in huge benefits for the firm that acquires it. In security, it is our job to plug leaks–which are difficult to find–to identify the potential for them. On the short list would be executives or employees who were passed over for critical promotions, complained about abuse, were identified as surplus but still working, or who were known to be disgruntled and aggressively looking for outside work.

Employees like this should be considered a security risk. Care should be taken to control the information they have access to, specifically looking for indications that information coming into their possession isn’t being passed outside the company.