News Stay informed about the latest enterprise technology news and product updates.

Are insiders really a bigger threat?

A recent survey of data center professionals in various industries found that 52% of attacks come from individuals outside the enterprise.

Data center managers find that it is outsiders who are breaking into their systems, not insiders, though much is often made of threats posed by employees, a recent survey found.

About 52% of those responding to a survey by AFCOM's Data Center Institute said that attacks generally come from people not employed or affiliated with their enterprises. About 5% of attacks came from insiders, the survey said. Yet just less than a quarter of respondents said their security efforts are driven by fears of internal threats.

Orange, Calif.-based AFCOM is an association for data center professionals that offers services that support the management of data centers. Of the 257 people who responded to the survey, 16% were from manufacturing, 12.5% from insurance, real estate or legal, 9.7% from health care, 9.7% from government, 7.8% from education, 7.8% from wholesale, 7.8% from transportation and utilities, 6.6% from data processing services, and 22.1% from other industries.

The survey results seem to fly in the face of a popular view that insider threats are usually more worrisome than outsider threats. Another recent survey of financial institutions, one by Deloitte & Touche, found that 10% of attacks come from the inside.

Yet the demarcation between who poses an insider threat and who poses an outsider threat is getting muddy. For example, employees may access systems from the outside, while contractors who aren't employees can access systems internally, said Pete Lindstrom, research director at Spire Security, a Malvern, Pa.-based security analysis firm, during a recent edition of's News Spotlight.

"I never liked this concept of insider-versus-outsider threat, because it sounds like more of a vendor construct than anything else," Lindstrom said. Enterprises should protect against what are thought of as insider and outsider threats using a layered approach to security. Monitoring is also key, he said.

"Take the traditional insider logging in and stealing information. The need for security monitoring is obvious. Companies have little opportunity or time to stop an insider in the process," he said.

The AFCOM survey also found that some things run contrary to media hype. For example, the chief security officer position isn't a common sight in the data center space. For example, about 62% of respondents said they don't have a chief security officer (CSO) in their organization. Security duties are handled by people who hold a few other titles, such as data center vice president, director or manager; vice president of IS or IT; and chief information officer (CIO).

But the survey found support for some widely held views. For example, 71% of respondents said security is extremely important. About 26% said it is very important. Just under 3% said it was somewhat important or important.

That enthusiasm has translated into dollars. Almost half have increased their security budgets since last year. Only about a third stayed the same. Almost 69% of organizations have between 3% and 8% of their IT budgets slated for security. Some spend even more; 16% spend between 9% and 20% on security.

FOR MORE INFORMATION: news exclusive: "Examining threats from inside the firewall" news exclusive: "Damage report -- Insider threats vs. cyberterrorists"

Listen to this archived webcast: "Fighting insider crime -- Managing the threat of the trusted insider"

FEEDBACK: What is the biggest threat to your enterprise: the insider or the outsider?
Send your feedback to the news team.

Dig Deeper on Privileged access management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.