Sunday, May 16, 2010
Who's The Bigger Threat? Staff Or Cyber Criminals?
Did You Know? A decade ago, viruses and other forms of malware were authored primarily by young, attention-seeking amateur coders Research by Verizon suggests 74 percent of data breaches are generated by external sources Figures cited by the World Economic Forum indicate that online theft alone in 2009 totalled around US$1 trillion
Conventional wisdom indicates that the biggest threat to most companies' IT networks comes from disgruntled employees rather than shadowy cyber criminals. Staff have access to passwords, and, in the case of the IT department, administrator privileges. What's more, they usually know what they are looking for and what it might be worth to a competitor.
The concept of the so-called 'insider threat' has been an enduring one in IT security circles and appears to be based in part on an early-nineties FBI study that concluded that 80 percent of IT security attacks were perpetrated by insiders. However, a lot has changed in 20 years - a millennium in Internet time. While once hackers and virus writers were often kids after kicks, today cyber crime has matured to become a huge business. Figures cited by the World Economic Forum indicate that online theft alone in 2009 totalled around US$1 trillion.
This effective 'industrialisation' of cyber crime may well have had an effect on perceptions of whether the 'insider threat' should still be the main priority when it comes to IT security. Organised criminal gangs intent on cracking into corporate networks in the same way they might target a bank vault may seem to be a more pressing threat than the odd wayward or disgruntled employee.
Lloyd Borrett, Marketing Manager at AVG (AU/NZ), explains why companies might want to reconsider where the bulk of their security resources are allocated. "A decade ago, viruses and other forms of malware were authored primarily by young, attention-seeking amateur coders (script kiddies or script bunnies) seeking to earn notoriety in underground hacker communities.
"The security landscape has, however, changed markedly during recent years. Organised criminal gangs realised that there was money to be made from malware and recruited skilled programmers to create malicious programs. These programs were not designed to cause disruption, but to enable the theft of money or data or both. This has led to the creation of an underground economy in which criminals can buy and sell data and the programs that are used to steal that data." voxy.co.nz