Insider-led attacks account for 20 per cent of all data theft, a new study by KPMG has revealed.
In its Data Loss Barometer report (DLB), which analyses issues affecting IT security across the world, KPMG found that one fifth of all reported cases of data theft in the first half of 2010 were caused by attacks from within the organisation, up from 4 per cent of threats in 2007.
According to the DLB, data theft caused by malicious insider-led attacks has affected 23 million people worldwide since 2007.
Malcolm Marshall, head of the information security practice at KPMG in the UK said: "The recession may have played its part in driving up the increase in malicious insider data loss incidences, as data becomes an increasingly valuable commodity.”
“But the alternative is that as organisations get wiser to the tactics of hackers, then criminals may be tempting staff to pass on valuable information - hence the massive growth in the insider threat.”
The report found that hacking still remains the number one cause for data theft globally with almost a quarter of a billion people affected, but a “dramatic” rise in data loss in the healthcare sector was also seen. According to the DLB, incidents in healthcare rose from 12 per cent of all data loss in 2009 to 25 per cent this year. And KPMG expects data theft across all sectors to continue to rise throughout the next year.
“2011 and beyond will undoubtedly see the data theft threat continue to grow - Stuxnet is seen as the first 'weaponised cyber-attack' and it has upped the game in terms of the level of sophistication,” Marshall said.
“It will only be a matter of time before similar techniques are developed by criminal gangs. The likely result is broader 'general' security breaches and increasingly large direct financial losses.”
He added: "The fear of tougher sanctions, regulatory developments and negative publicity appears to have increased the awareness of the need to protect vital information. But as 'cyber wars' begin to take hold as a threat, and criminals constantly seek new ways of infiltrating systems, businesses and individuals alike need to ensure the security of their data is given utmost priority.”