The real insider security threat

The recently published 2011 CyberSecurity Watch Survey claims to show that 21 per cent of attacks on organisations are caused by insiders.

The report also points out that the percentage of those who view insider attacks as more costly is up this year, at 33 per cent against the 25 per cent reported last year.

The report is also interesting because it defines an insider as an employee or contractor with authorised access, and because it notes that these types of attacks are becoming more sophisticated, with the user employing different rootkits and hacking tools. This is a significant shift, as until now insider attacks have relied on very simple techniques and tools (available on any workstation).

There is a greater problem here that flies in under the radar and does not seem to be included in the statistics. This centres on the threat of the individual who has no deliberate intention to cause the company any damage. Rather, the insider threat is mostly caused by an employee who collects information rightfully over time, and that information is not removed when the employee leaves the company.

The danger here is when the employee re-uses that data at their next place of employment, or, as sometimes happens, the data ‘leaks’ from the employee’s own computer.

Another survey of over 1,000 UK employees found that 85 per cent of employees carry corporate data on their home computers or mobile devices. And 79 per cent of those surveyed revealed that their organisation does not have – or the employee is unaware of – any policy to remove company data from their laptop or other portable device when they leave the company.

Against this backdrop, I recommend that whilst companies scurry around to defend their digital assets against the apparent insider threat, they also need to defend against those members of staff who plan to take data with them when they move on to another organisation.

Approaching a review of a company’s security policies and controls from this angle means that the process is not as futile as some professionals think it is, but rather assesses and prioritises the largest risks in a logical manner.


Amichai Shulman is Co-Founder and CTO of Imperva, where he heads Imperva's internationally recognised research organisation focused on security and compliance. Prior to Imperva, Amichai was founder and CTO of Edvice Security Services, a consulting group that provided application and database security services to major financial institutions, including Web and database penetration testing and security strategy, design and implementation. Amichai served in the Israel Defense Forces, where he led a team that identified new computer attack and defense techniques. He has B.Sc and Masters Degrees in Computer Science from the Technion, Israel Institute of Technology.