Insiders Are a Threat, Even When They Don't Mean It

Wednesday Aug 26th 2009 by Alex Goldman

A study shows even accidental breaches can do a lot of damage.

Managers have every reason to fear their own employees, if they read the news. A few months ago, an energy company auditor tried to steal $9 million from the company he worked for. Last month, a data breach -- an inside job -- at LexisNexis was linked to the mafia, according to a grand jury indictment.

Now a new study is aiming to understand the threat -- and what enterprises can do to minimize it.

The research, conducted by IDC on behalf of security firm RSA, found that every enterprise interviewed had at least one breach during the past year, although the majority (52 percent) were believed to be purely accidental.

Yet even accidental breaches cost money. "Organizations risk substantial and ongoing damage when sensitive information, such as customer and employee personally identifiable information (PII), design plans, source codes, and other types of intellectual property, is accidentally exposed," the survey said.

In some organizations, the threat is constant. "We surveyed about 400 CxOs," Christopher Young, senior vice president of products at RSA, EMC's security subsidiary, told InternetNews.com. "Those 400 got about 58,000 internal risk incidents over the past 12 months."

The report said that many incidents were caused by out of date or excessive user privileges. These user privileges can cause failed audits, the report warned.

Read the rest at InternetNews.com.

Mobile Site | Full Site