Going after the bigger insider threats

Eric J. Sinrod says new data debunks the notion that fired and disgruntled employees pose the greatest security risks.

Sept. 21, 2006 6:52 a.m. PT

2 min read

New research from the Ponemon Institute finds that 78 percent of IT professionals in the United States claim that their companies have suffered unreported insider-related security breaches.

In other words, we still do not know the full extent of the problem posed by data security.

Insider threats include the misuse or destruction of sensitive or confidential information, as well as damage to the IT machinery where the data is stored. This can come about because of anything from simple mistakes or negligence to reckless behavior and even corporate sabotage. But what are the causes of insider threats, and how can IT professionals respond in time?

The Ponemon report contradicts the general impression that fired and disgruntled employees represent the greatest risks.

In 2005, Ponemon put the direct and indirect expenses of responding to a data breach at $138.39 per data subject. While an organization could expect to spend an average of $3.4 million annually to grapple with insider security breaches, it found that the majority was still investing less than $1 million on preventive measures.

You might have assumed that those headlines would have had an impact. But as we head into the second half of 2006, one is left with the feeling that corporate America is not taking data breach prevention seriously. According to the Ponemon report, the absence of sufficient resources and leadership has undercut efforts to address the insider threat. What's more, often, no single person has been charged with overall responsibility for managing insider security threats.

None of this takes place in a vacuum. Nearly half of the IT pros surveyed lay the blame for lack of funding and leadership on chief executives, who, they say, give the issue low priority. By contrast, 89 percent of respondents say insider data security threats should be taken seriously. Given the current state of affairs, IT departments not surprisingly devote a considerable amount of their time seeking to prevent or control insider threats.

The Ponemon report contradicts the general impression that fired and disgruntled employees represent the greatest risks. Instead, accidental data leaks frequently occur because employees lack enough knowledge about preventive measures or because of employee carelessness.

When asked about what constitutes the greatest risk (each respondent was allowed two choices), here were their answers in descending order: careless employees (34 percent); negligent employees (32 percent); temporary employees (29 percent); disgruntled employees (21 percent); terminated employees (19 percent); partners (16 percent); privileged users (12 percent); and system administrators (11 percent).

Asked how to fix the problem, respondents point to the need for better training programs, as well as independent audits. Technologies can also help, including identity and access management solutions, content filtering, and data leak detection and prevention solutions.

The big question is whether corporate America is ready to follow the lead spelled out by its IT professionals? For its sake, let's hope so.