4. Increasing Insider Threats
It isn’t just those well-funded adversaries outside the business that you, as a CEO, must worry about either. There are also numerous threats much closer to home—literally inside the business.
According to Gartner analysts, 70 percent of the security incidents that cost enterprises money involve insiders in some way or another. Companies spend so much time and money worrying about threats outside the enterprise walls that they often forget about the dangers that lurk within. The risks posed by employees and trusted partners can run from out-and-out fraud all the way down to simple user errors that leave systems insecure and open to attack. Typically, both are caused by a lack of controls and poor oversight of employee computer activities.
Especially damaging are the cases of intentional theft when employees remain unmonitored or have uncontrolled access to sensitive data or systems.
It happens all of the time, and in many cases the damages can be in the hundreds of millions of dollars. In February 2007, it came out that a senior chemist at DuPont stole $400 million worth of data and tried to leak it to a third party. In just a six-month period, this trusted employee downloaded about 22,000 abstracts and 16,700 documents. He was eventually ferreted out by DuPont’s IT staff and taken to trial for his transgressions—but for every one of those caught there are many more who actually get away with it.
As a CEO, I understand that trust is an important part of running a business. But I also realize that while I can trust people up to a certain extent, I have to set boundaries around trust.
Just as a company wouldn’t think twice about auditing the books and double-checking ledgers, it should be standard practice to keep track of access to valuable data assets and risky computing activities that could cost the business a mint.
Too many companies choose not to monitor employee interaction with intellectual property and sensitive data, and eventually pay a steep price for their lack of verification. And even those who choose to monitor general staff forget to watch the watchers, leaving IT administrators with far more account access privileges than their jobs require. Besides, even the most trustworthy insiders are capable of triggering a security event that can send a business reeling.
Debunking the Most Common Myths About Data Protection
Lumension Security’s Senior Vice President of Business Development Rich Hlavka sits down to debunk the most common myths about data protection.