KPMG Data Loss Survey Points To Insider Access Governance Risk

The 2010 KPMG Data Loss Survey points to the increasing amount of insider access risk that organizations are realizing. Based on this worldwide report, 20% of data loss incidents this year were cause by people within the organization, up from 4% in 2007. While many security practitioners have done a great job of locking down the perimeter to mitigate external access risks, the same attention and control has not be applied to insider risk.

Blame it on the economy if you will, but insiders seem to have more motive to steal data. And it’s not just personally identifiable information on consumers. We are seeing higher rates of corporate intellectual property being stolen than ever before.

One thing to note that is concerning is the amount of data loss that can be attributed to the healthcare industry and the government! When it comes to the government, if you can legislate control mandates for data privacy, you must abide by the same regulations and rules!

Having an access governance framework that establishes what access is required for a person’s job function (role), provides the ability to enforce access policy controls that will eliminate toxic combinations of access and the visibility to access change events to determine when access permissions are no longer needed is foundational to reducing insider access risk.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Brian Cleary is vice president of products and marketing at Aveksa, a leading provider of enterprise access governance solutions. Brian has more than 17 years of experience directing technology marketing initiatives for both emerging technology companies and top-tier enterprise software vendors. In previous positions, Brian served as vice president of marketing at OpenPages and as senior vice president of marketing at Computer Associates (CA). He has also held management positions at Netegrity, Allaire Corporation and Macromedia. He holds a bachelor’s degree from Syracuse University.