A follow-up to our recent post on insider threats. A survey run by Threatpost last month, had some interesting results regarding the source of insider threats:

- 32% of respondents said a current or former employee has attacked their IT systems

- Of those attacks, 31% came not from disgruntled workers, but rather from current employees with clean personnel records

- In 32% of the attacks, the employee had legitimate, privileged access (administrator or root level) at the time of the attack

- 26% raised their permissions to administrator or root level access without authorization

- 15% of attackers were members of the company's IT security team

- 60% of insider attacks involved moving, deleting, or altering access to corporate data

- 24% of the insider attacks resulted in the theft of company funds or IP

In addition, the Threatpost survey found that 59% of the insider attacks were not reported to law encforcement or to regulators.

Our takeaways from this survey- they support the notion that insiders are a significant source of threat to corporate data in IT systems of all types, including SharePoint sites. The results also suggest that organizations would be wise to take this threat seriously, and to budget appropriately for security controls aimed at the insider threat. Too much of information security budgets are still targeted at mitigating the threats of five years ago. As industry thought leaders like the Jericho Forum suggest, the future is de-perimiterized whether we like it or not, and the only real question is what to do about it. At CipherPoint, we completely buy into the notion that a Defense in Depth strategy is required for SharePoint, and that security controls need to become "data centric". The only effective way to combat the insider threat as it relates to SharePoint is to apply encryption for the data stored in the platform, and to provide separation of duties controls for access control and security administration.

The complete report from Threatpost can be accessed here.

JD