
Risk versus hype: What is the real impact of insider security threats?

Expert Joe Granneman separates sensationalism from reality to determine how much risk insider security threats actually pose to enterprise security.

In a recent survey of international corporate executives, insider threats were their No. 1 security concern. Does data justify this level of concern? Should the top priority (and subsequent resources) of enterprise infosec teams be to curb insider security threats?


The perceived risk posed by insider threats has increased dramatically in the wake of Edward Snowden and leaks around the National Security Administration's PRISM program. Even before the Snowden leaks, though, many executives were already under the misconception that insiders can do more damage than attackers outside of the firewall. This perception has been reinforced over time by incidents such as the sensationalized media attention given to Julian Assange and his Wikileaks organization. Still, as publicly damaging as these leaks may have been, the data regarding insider security threats does not back up this perception of risk.

For example, the 2013 Verizon Data Breach Investigation Report stated that only 14% of reported data breaches involved insiders, and over 70% of those insider data breaches occurred within 30 days of the employee announcing their resignation. To contrast those numbers, 86% of the data breaches in the Verizon report came from external sources, while only 7% came from business partners. Based on this information, infosec teams that assign the majority of their resources to mitigate insider threats may be making a big mistake.

An enterprise's information security strategy should be based on solid risk management programs that consider multiple potential risk factors, not exaggerated media reports. The key is to focus on the importance of the data itself and on building protections based on all potential risks -- not just insider threats. Executives are usually receptive to the familiar risk management approach, as it is used in other types of business risk decisions. This approach will help infosec teams prioritize limited resources more effectively, while also providing executives with a more complete picture of information security risks.

This was last published in October 2013
