Even though malicious insider threats receive the most hype, most
organizations experience more accidental insider threat incidents than
intentional, according to a new threat report released by IDC
in conjunction with RSA yesterday.
The report can act a good lesson to channel providers on the opportunities
presented by customers facing risks from within their organizations, says
Christopher Young, vice president of product at RSA,
the security division of EMC.
“Now, more than ever, organizations are dealing with the fact that their
legitimate user population has got computing power like they’ve never seen
before,” he says, emphasizing that access to resources, sensitive information
and systems multiplies daily. “That kind of increased surface area for the IT
infrastructure is going to create a whole series of risks, and it will create
the opportunity for the channel to help secure those assets.”
IDC analysts Brian Burke and Christian
Christiansen surveyed 400 CXOs to develop the report. They wrote that 52
percent of those surveyed characterized insider threat incidents as primarily
accidental and 26 percent thought these incidents were an equal combination of
deliberate and accidental. Only 19 percent of organizations thought the insider
threat was mostly from deliberate acts.
In aggregate, those surveyed reported experiencing 58,000 insider-related
security incidents in the past year. Among those, unintentional actions by
insiders were responsible for most of incidents. Organizations experienced an
average of approximately 14.4 incidents of unintentional data loss per year.
These types of incidents may not be as "sexy" as the splashy
stories of malicious fraud conducted by disgruntled employees, but they’re
imminently more problematic to enterprises, says Young.
“It is sometimes harder to gain visibility on the unintentional risks,” he
says. “Like the person who accesses a file inadvertently or whose account is
used inadvertently or who e-mails out a document that shouldn’t have been sent
or somebody who loses a piece of media that has sensitive information on it.”
According to Burke and Christiansen, because the risks inside the
organization vary so much, enterprises must take a much more holistic approach
to information protection.
“IDC believes a framework approach will
provide improved efficiencies, better visibility and effective security for the
internal risks outlined in this paper,” they wrote. “The challenge of managing
insider risks is too complicated and complex for a single point solution, such
as DLP or authentication, to manage alone.”
This framework-based approach is not only a suggested best practice, but it
is also provides channel partners with a mode and method of selling security
that can serve customers while offering a sustained revenue model.
“That’s a great opportunity for a channel partner to not just resell a
product but also provide all of the services that are required for that product
to exist in the context of a good overall information-centric program for
organizations,” Young says. “It’s an opportunity for a channel partner to go
in, help customers assess risk, set policy and then put the right products in
place that support that program.”