The Insider Threat: Fact or Fiction?

One of the debates in the security industry that surfaces frequently has to do with insider attacks versus external attackers. For a very long time, the CSI/FBI study had insiders as the most damaging source of attacks and security problems. In 2010, the study got a little more specific in posing the insider question, and found that while 43.2% of respondents attributed some loss to malicious insiders, 75% attributed loss to non-malicious insiders (i.e. errors by employees causing loss).

Some other sources of attack data include the Verizon Data Breach Report, and the very recently released Digital Forensics Association report "The Leaking Vault, Five Years of Data Breaches". This report puts the total of records lost by insiders at 205M from 2005-2009, and outsiders at 357M over this period. This study looks essentially at security breaches where Personally Identifiable Information was exposed.

The most recent Verizon report had 20% of security breaches being caused by insiders and 74% by external sources; however, the median number of records compromised was significantly higher for inside threats (100,000 records/breach) than for external ones (37k records/breach).

From the Ponemon/Arcsight study on cyber crime cost: "The most costly cyber crimes are those caused by web attacks, malicious code and malicious insiders. These account for more than 90 percent of all cyber crime costs per organization on an annual basis." This study found that the median cost to respondent companies for cyber crime was $3.8M/year.

An interesting question (not yet addressed by any study we're aware of) might be "what's the % of data loss for IP and corporate sensitive/confidential data for insiders and outsiders?" And, "what's the gross $ loss for these types of data by insiders or outsiders?" In other words, how frequently do insiders steal IP, customer lists, etc., and what does this cost?

Some key takeaways:

Our view at CipherPoint is that the insider threat is real (as indicated by some of the data above), and for collaboration environments such as SharePoint, the threat is rapidly increasing.

Loss of sensitive/valuable corporate data (IP, prospect lists, customer lists) is unquantified at present, likely because there are no breach disclosure laws forcing companies to 'fess up if they have this sort of a breach, unlike for PII data breaches. However, stories about insiders having a peek at corporate secrets, or worse, taking them with them to a new job, are legion.

As regards SharePoint and the insider threat, the reality is that SharePoint makes it so easy to set up collaboration sites, and then to store and share information, that use of the platform to store confidential information (whether planned or unplanned) is happening at an alarming rate. A future blog will explore the specific insider threats in the SharePoint environment.

What do you think about the insider threat, and how relevant is it to the SharePoint world?

JD


