Hackers Versus Insider Threats

Sue Marquette Poremba
Slide Show

Five Steps to Preventing Insider Data Breaches

Follow these best practices to help reduce your risk of an insider data breach.

Hackers or insiders: Which is the bigger threat to IT security?


It's just about even, according to the Symantec 2011 State of Security survey. The survey asked 3,300 organizations worldwide a number of security-related questions. One of the questions asked participants to rank business risks in order of their significance to the company, with 1 being the most significant risk and 7 least significant.


Cyber attacks came out first, with an average ranking of 3.23. IT incidents caused by well-meaning insiders came in second with an average ranking of 3.56. Third, at 3.65, was internally generated IT-related threats. The other options were traditional criminal activity, brand-related events, natural disasters and terrorism.


It's not surprising that cyber attacks came out on top. The bad guys are getting smarter and using more sophisticated methods to get to enterprise data, and IT security needs to anticipate what might be coming and stay one step ahead. You can't control a cyber attack, but you can be proactive to prevent one.


I was interested to see that insider threats were broken down into two categories and that the concern of the two threats was essentially equal. I'd be curious to see if insider threats would've been second if it were one all-inclusive category. The enterprise can have some control over insiders by setting up controls and enforcing a security policy, but I also think there is a fuzzy line between an innocent security mistake and an intentional threat. For example, I see that another iPhone prototype was left in a bar. A mistake by an employee? Probably, but do we really know that for sure? Is it an innocent mistake if an employee doesn't bother to password-protect a mobile device because it is too much of a hassle to remember yet another password?


The positive takeaway is that organizations are now seeing that cyber security needs to be a top concern. But a threat is a threat, whether it comes from an anonymous stranger a country away or from the absent-minded co-worker in the next cubicle.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.