Security Threats Hiding In Plain Sight


IT professionals would rather manage external threats than worry about insiders, a recent survey by Soha finds. But a singular focus when it comes to security can end up being a costly mistake.

Data breaches have become so common that it's easy to overlook them. There were 781 known data breaches in 2015, according to the Identity Theft Resource Center, enough to read about mistakes being made twice a day if the media chose to write about every incident. Websites like list dozens of breaches affecting high-profile websites.

Almost anyone active online for a few years is likely to have received multiple breach notifications. So many businesses get hacked or reveal data through inattention that the details become a blur.

The potential threat posed by insiders is well known, even if employees, contractors, and partners don't represent the most significant threat vector. According to Verizon's 2016 Data Breach Investigations Report, 172 data breaches around the world last year were attributable to insiders and privilege misuse out of 2,260 breaches analyzed.

Privacy Rights Clearinghouse's database of data breaches suggests a relatively small percentage of breaches happened as a result of insiders: 13 out of 229 listed from 2015. Since the cause of many breaches is not publicly known, insider involvement could be greater.

Perhaps because so many attacks come from the outside, IT executives don't show much concern about the risk associated with third-party access to secure systems. Soha Systems, a provider of enterprise access management services, recently conducted an online survey of 219 IT professionals in the US, and found that only 2% of them saw third-party access as a top priority in terms of IT initiatives and budget allocation.

That's not entirely surprising. Just as a police force isn't likely to see its own people as its most pressing concern, IT professionals can be expected to look outside their organization and partners before turning their attention inward.

But Soha suggests more attention should be directed inwardly because "third parties cause or are implicated in 63 percent of all data breaches." That figure comes from a 2013 Trustwave report: "The majority of Trustwave's investigations (63%) revealed that a third party responsible for system support, development and/or maintenance introduced the security deficiencies exploited by attackers."

History has proven that insiders and partners can present problems, as they did for CVS, Samsung, American Express, and Experian.

Soha's findings perhaps overstate the lack of interest among organizations in the security of the companies they work with. A BitSight Technologies study from March 2015, conducted by Forrester Consulting, found that third-party security represented a top business concern among enterprises.

Reconciling various vendor-backed studies to reflect the varying security situations faced by each different organization may not be a fruitful endeavor. Apples are not always compared to oranges, so to speak, and there's a lot of statistical cherry-picking. Try to think of an example of a vendor-backed study that doesn't justify the company's product and your thinking cap will run out of batteries. Then there's the issue of drawing conclusions from what people say in surveys rather than measuring what they actually do. Talk is cheap; implementing better security practices usually isn't.

But cost isn't a free pass to do nothing. Here's a look at why and some of the major findings of Soha's study. Let us know what you think. What measures does your organization take to stay safe from attacks from outsiders as well as insiders?
