Tuesday, November 20, 2007

SecTor 2007 - Inside and Dangerous

What is the greatest information system security threat facing companies today? According to a poll of information security managers, 87% of respondents say disgruntled employees are the worst threat they face. Ninety-two percent of actual attacks were motivated by revenge. Sixty-two percent of those attacks were planned in advance. Here's the kicker, though - 80% of those perpetrating attacks were under suspicion already within their organizations.

So why don't we hear about insider threats when talking about computer security.

Part of the answer to that question has to do with embarrassment. I mean should we expect to hear from Seagate directly that some of their hard drives were compromised and responsible for personal information being transferred to hackers in China? If you answered no, then you might be surprised to hear that Seagate did, in fact, 'fess up recently. Still, it's reasonable to assume that most privately held companies will not necessarily broadcast when insiders (or, in Seagate's case a subcontractor) are responsible for introducing vulnerabilities into their products or systems.

My own experience, limited as it is, would only partially confirm these lessons about insider threats. My viewpoint is simply that insider attacks happen far more frequently than most managers believe possible. Most are not particularly sophisticated. Most can be predicted at least to some extent. And most will never be reported publicly.

All of this from the first breakout session at SecTor at the Metro Toronto Convention Centre, a session with Kevin Coleman of technolytics.

No comments: