Firms must take internal threats more seriously
Survey says internal threats are now a greater worry than external threats
Internal data breaches are costing businesses an average of £1.8m a year, according to research published this week.
The international survey of 461 IT security professionals, conducted by vendor Arcsight, says firms spend £500,000 a year tackling internal threats, which are now considered more serious than external malware attacks.
The survey points to resource and leadership flaws as primary causes of internal misuse of data.
Arcsight chief security officer Brian Contos says firms must take the issue seriously.
‘A combination of the right hiring practices and technology can solve the problem,’ he said. ‘Often these guys are not clever hackers. People put things on iPods or print them out.’
Ant Allan, of analyst Gartner, says for years internal attacks were not considered an IT problem. ‘This used to be more of a man-management issue,’ he said.
‘In part, this move has been driven by regulatory pressure in the US, which has raised general awareness of the problem.’
Remote working has also made internal breaches more of an issue. ‘Firms want people to take work home with them, but they need to control information carefully,’ said Allan.
But a security source at a major European investment bank says restricting access can cause business efficiency problems.
‘Stopping people getting access to things they shouldn’t is high on the list, but not always easy to do without an army of administrators,’ said the source.
‘We take a lot of care in vetting who we hire and making sure people are trustworthy.’
Mobile threats hit out of the blue