Won't Steal Corporate Data? You're In The Minority - InformationWeek
IoT
IoT
IT Leadership // CIO Insights & Innovation
Commentary
12/10/2008
04:47 PM
Bob Evans
Bob Evans
Commentary
50%
50%
RELATED EVENTS
Building Security for the IoT
Nov 09, 2017
In this webcast, experts discuss the most effective approaches to securing Internet-enabled system ...Read More>>

Won't Steal Corporate Data? You're In The Minority

The bad news on insider threats keeps getting worse: most respondents to a new database-security study think such attacks will accelerate in 2009 and that insiders will most likely be behind them. Yesterday I noted the huge risks from employees wanting some "insurance" in case they get laid off; today's culprits appear to be a mix of shortsighted budgeting, ignorance, and incompetence.

The bad news on insider threats keeps getting worse: most respondents to a new database-security study think such attacks will accelerate in 2009 and that insiders will most likely be behind them. Yesterday I noted the huge risks from employees wanting some "insurance" in case they get laid off; today's culprits appear to be a mix of shortsighted budgeting, ignorance, and incompetence.Yes, that's tough talk, but combined with new studies highlighted in yesterday's post about how a significant majority of employees are willing to steal corporate data out of fear of being laid off, these additional findings could well require CIOs to reset cybersecurity priorities and dollars. Just look at this answer to a question about which factors are keeping companies from improving the security of enterprise databases that those companies admit are vulnerable:

  • Don't have accurate inventory of our enterprise DB systems: 21%
  • Don't know which DBs contain secure, confidential data: 18%
  • Lack of appropriate DB security skills: 18%
  • Confusion over which group "owns" DB security: 15%
  • Lack of budget for security solutions: 40%
  • This is becoming a huge issue that CIOs will have to tackle in 2009, and these latest results from Enterprise Strategy Group underscore, once again, the grave danger posed by employees who are either looking to steal customer data or who are simply unaware of proper security policies. Look at these responses to a question about the root causes of confidential-data breaches that companies had to disclose in the past 12 months:

  • Insider physical method: 27%
  • Insider logical method: 23%
  • External logical method: 19%
  • Accidental loss of device: 14%
  • Combo of inside/outside: 11%
  • Don't know the cause: 4%
  • Human error: 3%
  • And, as if these numbers haven't caused enough heartburn and indigestion, let me heap on a few more habaneros: "Nearly 84% of respondents believe that all or most of their confidential data is protected. This perception is disconnected from reality, as the same respondents noted they failed security audits more than 33% of the time (HIPAA, SOX, FISMA, etc.)." This last bit is from a press release about the study from Application Security, which sponsored the study and said that contact information for obtaining a copy of the report is available here.

    Comment  | 
    Print  | 
    More Insights
    Comments
    Newest First  |  Oldest First  |  Threaded View
    How Enterprises Are Attacking the IT Security Enterprise
    How Enterprises Are Attacking the IT Security Enterprise
    To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
    Register for InformationWeek Newsletters
    White Papers
    Current Issue
    2017 State of IT Report
    In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
    Video
    Slideshows
    Twitter Feed
    Sponsored Live Streaming Video
    Everything You've Been Told About Mobility Is Wrong
    Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
    Flash Poll