Mich Kabay takes a high-level view of security issues and provides resources to help safeguard your corporate and personal security.
The Verizon Business RISK Team recently published a valuable analysis of four years of data on security breaches among their clients, entitled "2008 Data Breach Investigations Report." The team said: "In a finding that may be surprising to some, most data breaches investigated were caused by external sources." Today I want to explore the implications of that finding.
The authors explain their terminology for sources of data breaches:
“Internal threat sources are those originating from within the organization. This encompasses human assets - company executives, employees, and interns as well as other assets such as physical facilities and information systems. Most insiders are trusted to a certain degree and some, IT administrators in particular, have high levels of access and privilege.”
The three threat sources used in the study are as follows (quoting with elisions as shown):
• External - Intuitively, external threats originate from sources outside the organization. Examples include hackers, organized crime groups, and government entities but also environmental events such as typhoons and earthquakes. Typically, no trust or privilege is implied for external entities.
• Internal - Internal threat sources are those originating from within the organization. This encompasses human assets - company executives, employees, and interns as well as other assets such as physical facilities and information systems…
• Partner - Partners include any third party sharing a business relationship with the organization. This value chain of partners, vendors, suppliers, contractors, and customers is known as the extended enterprise.
The researchers found that outsiders, not insiders, were responsible for “data compromises” in about three-quarters of the cases studied; “business partners were involved in 39% of the data breaches handled by our investigators. Internal sources accounted for the fewest number of incidents (18%), trailing those of external origin by a ratio of four to one.” The percentages add up to more than 100% because more than one type of source was observed in many breaches.
Speaking personally, I am going to have to rethink my long-held stance – originating in the 1980s – claiming that the bulk of the threats to information systems are internal. I have taught that about half the problems observed in organizations come from errors and omissions, with dishonest and disgruntled employees coming in next and adding up to about three-quarters of the cases informally reported by consultants. The Verizon study casts serious doubt on this vague generalization and I will be telling my introductory information assurance students to follow the guidance of my favorite bumper sticker: QUESTION AUTHORITY - in this case, me!
M. E. Kabay, PhD, CISSP-ISSMP, is Program Director of the Master of Science in Information Assurance program at Norwich University.
Comments (7)
Labeling?
By Anonymous on July 9, 2008, 9:05 am
Consider too the possibility that insider data breaches may be labeled as something else: theft, misuse of authority, data corruption, data destruction etc. "When...
Question Authority
By Anonymous on July 8, 2008, 2:04 pm
Well don't you also want to focus the scientific lens of doubt on the Verizon study as well? In another section of the report regarding compromised data they state...
Correct..
By tuomoks on July 4, 2008, 12:03 am
I have worked in industry 30+ years and can tell that you are absolutely correct. Now, of course, the public very seldom sees the damage when and if it can be kept...
Verizon study.
By Anonymous on July 3, 2008, 7:47 pm
which came first the chicken or the egg? common sense dictates that external breaches are many times the work of internal persons. after all it only makes sense...