http://www.darkreading.com/insiderthreat/security/attacks/showArticle.jhtml?articleID=226700346 By Robert Lemos Contributing Writer DarkReading Aug 16, 2010 For security firms that argue malicious insiders are a greater threat than outside attackers, the latest Verizon Data Breach Investigations Report seems like vindication: The proportion of incidents with an insider agent doubled to 48 percent, while attacks with an external hacker dropped to 70 percent. Incidents involving data theft from the outside still account for the majority of attacks -- with insiders catching up. The driving factor behind the increase in insider attacks was not the economic downturn -- an oft-argued opinion -- but rather the inclusion of a new data set in Verizon's database, says Alex Hutton, principal of research and intelligence for Verizon Business. The U.S. Secret Service joined much of its caseload data to Verizon's database, adding a large number of incidents where the victim had a better idea of the identity of the attacker and believed the person could be prosecuted. Both factors tend to favor incidents with an insider component. "With the Secret Service [cases], we got exposed to a whole new set of data," Hutton says of the report. Overall, Verizon still sees external attackers as the major threat, however. When an outsider steals data, he absconds with a massive number of records. In 2009, breaches caused by outside criminals accounted for about 139 million stolen records, while insiders accounted for only 2.6 million records. "A record that has been exposed is 70 times more likely to have been exposed by an external source than in internal source," Hutton says. Verizon doesn't refute the threat of insiders -- just the assertion that insiders pose the greatest risk. Companies should have defenses that work against insiders, outsiders, and partners, Hutton says. Identity and access management are essential controls that companies need to block -- or at least, slow down -- attackers. [...] -- Visit InfoSec News! http://www.infosecnews.org/Received on Tue Aug 17 2010 - 00:28:06 PDT
This archive was generated by hypermail 2.2.0 : Tue Aug 17 2010 - 00:36:00 PDT