Employees the biggest threat to network security
Two vendors debate whether company insiders are a greater security threat than hackers.
Face-off
By Joseph Ansanelli
,
Network World
, 02/21/2005
- Share/Email
- Tweet This
- Print
Today, insiders represent the single biggest security threat for the simple reason that we haven't addressed the problem.
That's because IT designed to prevent intrusion from the outside cannot handle the task of keeping confidential data inside
the organization. Yet according to Gartner, 84% of high-cost security incidents occur when insiders send confidential data
outside the company.
The other side: It's outsiders
The forum - What do you think?
It's easy to see why insiders, not hackers, now pose the greater threat. To violate information security, an intruder has
to figure out how to break into the network, then locate, obtain and distribute the desired data - all without being detected
by today's highly effective firewall, network security and intrusion-detection systems.
On the other hand, think of all the people inside the company who have ready access to customer, employee, product and financial
data. These same people also have instant access to the Internet. How easy is it for a call center representative to e-mail
confidential customer data to a competitor? Or for a software engineer to send source code out along with his résumé? And
what's to stop an administrative employee from leaking quarterly earnings via instant messaging?
With confidential customer data and intellectual property just a keystroke from the Internet, every organization is at risk.
Common sense tells us the insider threat is huge, and industry research confirms it. Vontu's risk assessment studies reveal
that one out of every 500 outbound e-mails contains confidential customer, employee or financial data, intellectual property
or competitive information. Our research further indicates that 95% of data loss incidents are unintentional.
Today's network security systems are mostly designed to prevent intrusion from outside the network. To stop an insider threat,
software has to meet entirely different requirements.
First, it must not only detect every single security violation based on discrete policies and content, but it must also proactively
prevent the transmission of confidential data outside the network. It must provide the ability to accurately measure and reduce
risk over time. And it must let users manage information security throughout the enterprise and even, in some cases, across
multiple companies, such as outsourcing partners and distributors.
Comment