300,000 internal security breaches in UK last year
Beware of disgruntled employees - a new report reveals that UK businesses are being hit by over 1,000 internal security breaches every day.
NSA whistleblower Edward Snowden warns of iPhone spyware
Security software vendor IS Decisions came to these findings as a result of a new study, entitled ‘The Insider Threat Security Manifesto: Beating the threat within', which surveyed 250 IT decision makers.
The study found that more than 300,000 internal security breaches took place in UK businesses over the last 12 months - an average of 1,190 per working day.
The insider threat, perhaps best highlighted by former CIA contractor Edward Snowden, is also big problem in the US where there were 660,000 internal security breaches in the last year.
However, an altogether bigger problem for businesses is that monitoring and reacting to internal breaches doesn't appear to be high on the agenda for CISOs and IT managers. The report found that only 25 percent of IT managers consider insider threats to be in their top three security priorities, with this figure at 17.5 percent for their American counterparts. Furthermore, only 12 percent of respondents were more aware of the insider threat after Snowden's revelations.
Insider threat was trumped by viruses (67 percent), data loss (47 percent) and hacking (39 percent) as the biggest security concerns.
“It is human nature to see external sources as your greatest threat, and that, coupled with the fact that insider threat is a complex issue to manage, has led to IT professionals seemingly turning a blind eye to the issue,” said Francois Amigorena, CEO of IS Decisions, in a statement.
“These numbers, and the impact that the Edward Snowden case had last year, show clearly that internal security should be higher up the IT agenda. The reality is that it is a very considerable problem, but the good news is that there is a lot that IT departments can do to mitigate the risks. It's a technology issue as well as a cultural one, and can be addressed from both of these angles.”
This report comes one month after a contractor in South Korea accessed, stole and sold sensitive banking data including customer names, social security numbers, credit card numbers and expiry dates. The leak was said to have affected at least 20 million users in a country of around 50 million people.
Speaking to SCMagazineUK.com recently, Tim Ryan, MD and cyber investigations practice leader at risk mitigation and response firm Kroll, said that the insider threat is very real and said that most may never be undiscovered.
“There's a tremendous amount of data compromised today where the act is never discovered or disclosed.
"People discount the insider threat because it doesn't make the news. The insider threat is insidious and complex. Thwarting it requires collaboration by general counsel, information security, and human resources."
In an SC UK vendor webinar, 'The Enemy Within: Managing Insider Threats', from Guidance Software, due to go live February 18, Mitchell Bezzina, Senior Solution Consultant at Guidance Software, quotes the 2013 Verizon Data Breach Investigations report as showing that 69 percent of confirmed data breaches are due to insiders, even if most are due to acting carelessly rather than maliciously.