Insiders Pose Greatest It Threat: Study
The study, titled Ponemon Institute’s Survey on Data Security Breaches, reveals that sixty-nine percent of companies reporting serious data leaks responded that their data security breaches were the result of either malicious employee activities or non-malicious employee error. In fact, the number one leading cause of data security breaches resulted from non-malicious employee error (39 per cent). The Ponemon Institute concludes that these breaches are typically the consequence of complacency or negligence from lax or insufficient access controls to sensitive or confidential data. Only sixteen percent of serious data leaks were linked to hackers or external penetration. “The rise in identity theft and cyber crime has made data security a top- of-mind issue for many Americans as well as corporations,” said Larry Ponemon of the Ponemon Institute. “Companies spend considerable resources to combat outsiders, and the data suggests they are successful. However, companies have begun to realize that to protect customer trust, company brand and competitive secrets, they must now focus on the threat within.” “Organizations must become more aware of the source of information loss, and then they can adopt best practices to address the issue,” said Joseph Ansanelli, CEO of Vontu. “This survey highlights the severity of the insider threat problem. We believe that companies need to focus not only preventing customer information loss, but also the loss of other confidential information such as source code, intellectual property, merger and acquisition information, design documents, network diagrams, and marketing documents.” Of the 163 companies surveyed, seventy-five percent reported a serious security breach had occurred within the past twelve months. The survey also revealed the most common types of data security breaches. The majority of data breaches involved the loss of confidential business information, followed closely by the loss of personal customer information. The survey reports that of the top data security breaches: * 39% involved confidential business information * 27% involved personal information about customers * 14% involved intellectual property including software source code * 10% involved personal information about employees. The study is a subset of results from a larger Ponemon study entitled Ponemon Institute’s Corporate Data Security Practices. The research included questions about data security and privacy breaches occurring within a time period of twelve months. The results were captured over a 5-week period at the end of 2004. One hundred sixty-three companies were surveyed, with a majority being Fortune 1000 US companies. Other participating companies included large, non-publicly traded corporations, government entities and smaller public multinationals.