Security Threats Hiding In Plain Sight


IT professionals would rather manage external threats than worry about insiders, a recent survey by Soha finds. But a singular focus when it comes to security can end up being a costly mistake.

Data breaches have become so common that it's easy to overlook them. There were 781 known data breaches in 2015, according to the Identity Theft Resource Center, enough to read about mistakes being made twice a day if the media chose to write about every incident. Websites like list dozens of breaches affecting high-profile websites.

Almost anyone active online for a few years is likely to have received multiple breach notifications. So many businesses get hacked or reveal data through inattention that the details become a blur.

The potential threat posed by insiders is well known, even if employees, contractors, and partners don't represent the most significant threat vector. According to Verizon's 2016 Data Breach Investigations Report, 172 data breaches around the world last year were attributable to insiders and privilege misuse out of 2,260 breaches analyzed.

Privacy Rights Clearinghouse's database of data breaches suggests a relatively small percentage of breaches happened as a result of insiders: 13 out of 229 listed from 2015. Since the cause of many breaches is not publicly known, insider involvement could be greater.

Perhaps because so many attacks come from the outside, IT executives don't show much concern about the risk associated with third-party access to secure systems. Soha Systems, a provider of enterprise access management services, recently conducted an online survey of 219 IT professionals in the US, and found that only 2% of them saw third-party access as a top priority in terms of IT initiatives and budget allocation.

That's not entirely surprising. Just as a police force isn't likely to see its own people as its most pressing concern, IT professionals can be expected to look outside their organization and partners before turning their attention inward.

But Soha suggests more attention should be directed inward because "third parties cause or are implicated in 63 percent of all data breaches." That figure comes from a 2013 Trustwave report: "The majority of Trustwave's investigations (63%) revealed that a third party responsible for system support, development and/or maintenance introduced the security deficiencies exploited by attackers."

History has proven that insiders and partners can present problems, as they did for CVS, Samsung, American Express, and Experian.

Soha's findings perhaps overstate the disinterest of organizations in the security of the companies they work with. A BitSight Technologies study from March 2015, conducted by Forrester Consulting, found that third-party security represented a top business concern among enterprises.

Reconciling various vendor-backed studies to reflect the varying security situations faced by each different organization may not be a fruitful endeavor. Apples are not always compared to oranges, so to speak, and there's a lot of statistical cherry-picking. Try to think of an example of a vendor-backed study that doesn't justify the company's product and your thinking cap will run out of batteries. Then there's the issue of drawing conclusions from what people say in surveys rather than measuring what they actually do. Talk is cheap; implementing better security practices usually isn't.

But cost isn't a free pass to do nothing. Here's a look at why and some of the major findings of Soha's study. Let us know what you think. What measures does your organization take to stay safe from attacks from outsiders as well as insiders?
