By Robert Lemos
Aug 16, 2010
For security firms that argue malicious insiders are a greater threat
than outside attackers, the latest Verizon Data Breach Investigations
Report seems like vindication: The proportion of incidents with an
insider agent doubled to 48 percent, while attacks with an external
hacker dropped to 70 percent. Incidents involving data theft from the
outside still account for the majority of attacks -- with insiders

The driving factor behind the increase in insider attacks was not the
economic downturn -- an oft-argued opinion -- but rather the inclusion
of a new data set in Verizon's database, says Alex Hutton, principal of
research and intelligence for Verizon Business. The U.S. Secret Service
joined much of its caseload data to Verizon's database, adding a large
number of incidents where the victim had a better idea of the identity
of the attacker and believed the person could be prosecuted. Both
factors tend to favor incidents with an insider component. "With the
Secret Service [cases], we got exposed to a whole new set of data,"
Hutton says of the report.

Overall, Verizon still sees external attackers as the major threat,
however. When an outsider steals data, he absconds with a massive number
of records. In 2009, breaches caused by outside criminals accounted for
about 139 million stolen records, while insiders accounted for only 2.6
million records. "A record that has been exposed is 70 times more likely
to have been exposed by an external source than an internal source,"

Verizon doesn't refute the threat of insiders -- just the assertion that
insiders pose the greatest risk. Companies should have defenses that
work against insiders, outsiders, and partners, Hutton says. Identity
and access management are essential controls that companies need to
block -- or at least, slow down -- attackers.