Insider Security Events Mostly UnintentionalBy Ericka Chickowski | Posted 2009-08-25 Email Print
Most security incidents are accidential or are mistakes made by trusted, internal users, according to a new report by EMC's RSA security division.
Even though malicious insider threats receive the most hype, most organizations experience more accidental insider threat incidents than intentional, according to a new threat report released by IDC in conjunction with RSA yesterday.
The report can act a good lesson to channel providers on the opportunities presented by customers facing risks from within their organizations, says Christopher Young, vice president of product at RSA, the security division of EMC.
"Now, more than ever, organizations are dealing with the fact that their legitimate user population has got computing power like they’ve never seen before," he says, emphasizing that access to resources, sensitive information and systems multiplies daily. "That kind of increased surface area for the IT infrastructure is going to create a whole series of risks, and it will create the opportunity for the channel to help secure those assets."
IDC analysts Brian Burke and Christian Christiansen surveyed 400 CXOs to develop the report. They wrote that 52 percent of those surveyed characterized insider threat incidents as primarily accidental and 26 percent thought these incidents were an equal combination of deliberate and accidental. Only 19 percent of organizations thought the insider threat was mostly from deliberate acts.
In aggregate, those surveyed reported experiencing 58,000 insider-related security incidents in the past year. Among those, unintentional actions by insiders were responsible for most of incidents. Organizations experienced an average of approximately 14.4 incidents of unintentional data loss per year.
These types of incidents may not be as "sexy" as the splashy stories of malicious fraud conducted by disgruntled employees, but they’re imminently more problematic to enterprises, says Young.
"It is sometimes harder to gain visibility on the unintentional risks," he says. "Like the person who accesses a file inadvertently or whose account is used inadvertently or who e-mails out a document that shouldn’t have been sent or somebody who loses a piece of media that has sensitive information on it."
According to Burke and Christiansen, because the risks inside the organization vary so much, enterprises must take a much more holistic approach to information protection.
"IDC believes a framework approach will provide improved efficiencies, better visibility and effective security for the internal risks outlined in this paper," they wrote. "The challenge of managing insider risks is too complicated and complex for a single point solution, such as DLP or authentication, to manage alone."
This framework-based approach is not only a suggested best practice, but it is also provides channel partners with a mode and method of selling security that can serve customers while offering a sustained revenue model.
"That's a great opportunity for a channel partner to not just resell a product but also provide all of the services that are required for that product to exist in the context of a good overall information-centric program for organizations," Young says. "It’s an opportunity for a channel partner to go in, help customers assess risk, set policy and then put the right products in place that support that program."