AOH :: ISNQ6858.HTM

Inside Verizon's Insider Threat Data




Inside Verizon's Insider Threat Data
Inside Verizon's Insider Threat Data



http://www.darkreading.com/insiderthreat/security/attacks/showArticle.jhtml?articleID=226700346 

By Robert Lemos
Contributing Writer
DarkReading
Aug 16, 2010 

For security firms that argue malicious insiders are a greater threat 
than outside attackers, the latest Verizon Data Breach Investigations 
Report seems like vindication: The proportion of incidents with an 
insider agent doubled to 48 percent, while attacks with an external 
hacker dropped to 70 percent. Incidents involving data theft from the 
outside still account for the majority of attacks -- with insiders 
catching up.

The driving factor behind the increase in insider attacks was not the 
economic downturn -- an oft-argued opinion -- but rather the inclusion 
of a new data set in Verizon's database, says Alex Hutton, principal of 
research and intelligence for Verizon Business. The U.S. Secret Service 
joined much of its caseload data to Verizon's database, adding a large 
number of incidents where the victim had a better idea of the identity 
of the attacker and believed the person could be prosecuted. Both 
factors tend to favor incidents with an insider component. "With the 
Secret Service [cases], we got exposed to a whole new set of data," 
Hutton says of the report.

Overall, Verizon still sees external attackers as the major threat, 
however. When an outsider steals data, he absconds with a massive number 
of records. In 2009, breaches caused by outside criminals accounted for 
about 139 million stolen records, while insiders accounted for only 2.6 
million records. "A record that has been exposed is 70 times more likely 
to have been exposed by an external source than in internal source," 
Hutton says.

Verizon doesn't refute the threat of insiders -- just the assertion that 
insiders pose the greatest risk. Companies should have defenses that 
work against insiders, outsiders, and partners, Hutton says. Identity 
and access management are essential controls that companies need to 
block -- or at least, slow down -- attackers.

[...]


--
Visit InfoSec News!
http://www.infosecnews.org/ 


Site design & layout copyright © 1986-2014 CodeGods