Upcoming Webcasts
CipherPoint conducts webcasts on SharePoint security and compliance topics, including HITECH compliance and SharePoint, SharePoint Defense in Depth, content security, and others. For links to replays of recent webcasts, please visit our webcasts page.
The Insider Threat and SharePoint
- 7-30-2010
An update to my last blog post, the 2010 Verizon Data Breach Investigations Report found that 48% of data breaches were caused by insiders. This most recent version of the VDBIR includes data from breach investigations by the US Secret Service.
http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf
In addition, a vendor (Cyber-Ark) study reported in Network World (7/12/10) found that:
67% of IT professionals have accessed information not relevant to their role
41% of IT staff have abused administrative passwords to snoop on sensitive or confidential information
In addition, an amazing 74% of IT staff respondents answered "yes" to the question "Can you get around any controls that have been put in place to monitor your privileged access?". 35% of respondents admitted to having experienced insider sabotage or IT security fraud, and 39% suspect that competitors have received some of the company's sensitive or proprietary information or IP.
Specific to SharePoint, a separate vendor survey (Surety) in 2009 found that 46% of respondents estimated the value of data stored in SharePoint exceeded $10M, with 9% valuing their data stored in SharePoint at greater that $500M. The same study found that 18% of SharePoint users have experienced data breaches, and of these, 2/3 of breaches were at the hands of insiders.
The insider threat is a very big deal in IT security generally, and in SharePoint data breaches specifically.
JD
http://www.verizonbusiness.com/resources/reports/rp_2010-data-breach-report_en_xg.pdf
In addition, a vendor (Cyber-Ark) study reported in Network World (7/12/10) found that:
67% of IT professionals have accessed information not relevant to their role
41% of IT staff have abused administrative passwords to snoop on sensitive or confidential information
In addition, an amazing 74% of IT staff respondents answered "yes" to the question "Can you get around any controls that have been put in place to monitor your privileged access?". 35% of respondents admitted to having experienced insider sabotage or IT security fraud, and 39% suspect that competitors have received some of the company's sensitive or proprietary information or IP.
Specific to SharePoint, a separate vendor survey (Surety) in 2009 found that 46% of respondents estimated the value of data stored in SharePoint exceeded $10M, with 9% valuing their data stored in SharePoint at greater that $500M. The same study found that 18% of SharePoint users have experienced data breaches, and of these, 2/3 of breaches were at the hands of insiders.
The insider threat is a very big deal in IT security generally, and in SharePoint data breaches specifically.
JD
Recent Blogs
- What SharePoint Security and Compliance Problems Do You Need to Solve?
- Wikileaks and SharePoint: Yes, There’s a Connection
- Security Breaches in 2011: Like Shooting Fish in a Barrel
- And Speaking of Insider Threats...
- Digital Universe, and the Growth of Unstructured Content
- Cloud Security
- Healthcare, Compliance, Security, and Microsoft SharePoint
- New SEC Guidelines Suggest Breach and Cybersecurity Disclosure in Financial Statements
- SharePoint: There's compliance, and then there's Compliance
- Top Security Mistakes and SharePoint
