
Security experts: "No surprise" that insiders are No.1 cause of breaches

Forrester's October report, 'Understand the State of Data Security and Privacy', identifies internal threats as the leading cause of data breaches.

The survey drew respondents from companies with two or more employees from Canada, France, Germany, and the UK. It found that, over the past year, insiders ranked top when it comes to leaking information, with 36 per cent of breaches resulting from misuse of data by employees.

"The rise in insider threat represents a trend that has been going on for quite some time," said TK Keanini, CTO of network security firm Lancope. "Attackers used to 'push' their attacks to servers, now the dominant tactic is to just have the inside user 'pull' the attacks into the enterprise where they can be installed and persist over long periods of time."

Keanini related this to unprotected gateways within an organisation.

"While the Internet gateways are well monitored and protected, the Intranet gateways are not. Again, the longer the threat can go undetected, the better; and this favours an inside strategy."

The report's author, Forrester analyst Heidi Shey, also highlighted the need for guidelines with which to create a more holistic framework for preventing data leakage, a framework that Amar Singh, Chair of ISACA UK's Security Advisory Group, said is promising in principle.

"The 'framework' mentioned sounds very good in theory, but finding that needle or bunch of needles in a haystack is easier said than done. Furthermore, data classification exercises again sound good in theory, but all too often every type of data starts being stamped as important or critical," he said.

"It is important to identify the people that access known critical data sets like HR, legal and then follow due process, engage, and encourage these critical resources to gradually embed and increase security controls in their day-to-day operational activities.

"It is also crucial to define what is normal for your organisation and apply simple tweaks to existing systems to generate alerts on abnormal activity; for example, is the HR administrator accessing the salary package at 09:00 in the evening a normal and acceptable event?"

The survey also explored how security budget is allocated and how security teams' responsibilities are managed. Barry Shteiman, director of security strategy at Imperva, explains that, "companies have spent fortunes defeating network attacks, firewall breaches, viruses – but left their data centre exposed to the biggest security problem that exists – people.

"The insider data breaches problem is so big because it does not necessarily mean hackers. Any employee in an organisation may be a malicious insider, and even worse, any employee can be a compromised insider - it doesn't matter if it's the receptionist or the CEO - as long as they have access to the company's data," he added.

Dwayne Melancon, CTO of software specialist Tripwire, said Forrester's findings should come as "no surprise."

"After all, insiders have the most unfettered access to critical systems and data so it stands to reason they would be a top vector for attacks and data disclosure problems. This data drives home the need for enterprises to monitor their systems and data for suspicious changes and activities, regardless of the source. Merely watching network traffic is not sufficient," he continued.

But even when stricter internal policies are drawn up, employees must be able to effectively action them to prevent their abuse, Melancon argues. "Policies are just expectations until employees are given the means and oversight to enforce your corporate policies. If they don't know any better, you can count on them doing something inappropriate with your data, regardless of their intent."