
Insiders, not hackers, responsible for corporate data loss

By Iain Thomson
10 October 2008 03:15PM

A new survey of IT professionals has shown that external hackers bear very little responsibility for corporate data leaks.

The survey found that data breaches within companies were caused by inside staff in 75 per cent of cases, compared to just one per cent by outside hackers. Overall 79 per cent of US companies suffered at least one data breach last year.

"Enterprises must recognize that simply trusting employees will inevitably prove detrimental to their security, their risk postures and their business interests," wrote Perry Carpenter, research director at Gartner.

"A mixture of tried-and-true security practices, security awareness, and low and high-tech toolsets will provide the most effective and comprehensive defense against the insider threat."

Overall 41 per cent of breaches occurred on mainframes, which raised serious concerns since 80 per cent of the world’s data is stored on such systems.

The survey interviewed 3,596 IT professionals in the US, UK, France and Germany with an average of nearly nine years of experience.

Overall the US led in the incidence of data breaches, with France second at 63 per cent and the UK third at 55 per cent. Only 39 per cent of German companies suffered breaches last year.

In the UK hacking was slightly more prevalent, accounting for three per cent of breaches, compared to 37 per cent by malicious insiders, and 63 per cent by negligent insiders. Interestingly 25 per cent came from outsourcing suppliers.

There was also a distinct lack of accountability in breaches within companies. Over half of those questioned said that no one person was held to account over breaches, with the chief information officer taking the blame in just 25 per cent of cases.

Copyright © 2008 vnunet.com

   


Comments: 2
3 problems with this article. 1. It assumes organisations actually know about all the breaches and data loss they suffer. This is highly unlikely. 2. If "negligence" includes social engineering/client side attacks then the percentage of "hacker" attacks is a lot higher than is suggested in this article. 3. If many of the internal attacks aren't pinned on a particular individual, how do you know it wasn't a compromised client attacking the network from "inside"? My opinion is that the future of security breaches will be primarily dominated by a combination of social engineering, which includes a hacker gaining access by becoming a member of the organisation, client side attacks (overflows, email/web site based attacks etc.) and the rest (viruses, ssh/ssl tunneling, internal brute force for privilege escalation etc.) will be a complement to these techniques. cf
Posted by cf, Oct 12, 2008 10:49 AM
so interesting stats to back up our arguments
Posted by Greg, Oct 20, 2008 4:13 PM