Historically, the approach to enterprise security has been to make the fortress bigger and stronger – to install more products, and write more policies. Yet despite heightened security awareness and cutting-edge tools, 2006 was the worst year on record for corporate security breaches – continuing the year-on-year escalation of security risk. The problem is that attackers are as advanced as the defenders – and the attacks don’t always come from the expected direction.
The fact is that the biggest threat to an organization lies within its boundaries. In its 2006 survey, “Information Security Breaches,” the DTI and PricewaterhouseCoopers found that 32% of information security attacks originated from internal employees, while 28% came from ex-employees and partners.
Similarly, law enforcement experts in Europe and the US estimate that over 50% of breaches result from employees misusing access privileges, whether maliciously or unwittingly.
So securing the enterprise isn’t just about stopping external threats. It’s just as important to contain the threat from hapless or hazardous employees.
One of the key internal threats to corporates is spyware, because it’s all too often introduced without malicious intent, by employees who naively click through a couple of pop-up browser windows or install an unapproved yet ‘cool’ application on the network. The situation isn’t helped by the myths that surround spyware.