Previous recent studies have found that the highest risk to enterprises is from within, from disgruntled or incompetent employees and partners. Why do you think this seems to have changed?
• We agree that partners are the single biggest threat to organisations. The dip in the partner breaches in our study was an effect of our case load bias and the fact that we investigated a lot of very large cases that tied up a large number of our investigative resources. If we could have taken on every case that was offered to us last year we would have had a situation where the number of partner breaches would have gone up last year. We expect that external and partner breaches will reach parity in the next 18 months to two years.
• Insiders are a significant threat in recent times. Layoffs due to the effects of the global financial crisis have seen a jump in insider breaches. We have seen an increase in the number of insider end-user cases in 2008 and expect this to rise again in 2009. Most of these insider end-user cases were where employees who have been terminated, and have not had their access to critical data removed, have stolen data in the period between when they are given notice and when they exit the organisation.
Explain what is meant by the finding that most breaches resulted from a combination of events rather than a single action. What lessons should major enterprises learn from this?
• The typical external and partner data breach is made up of a number of moving parts. There is usually hacking to gain access to the systems and then malware is placed on the systems to steal data. The best approach to information security is defence in depth, but most organisations in our experience do not practise a good defence-in-depth strategy. Rather, they rely on a single control and when this is compromised, they are unaware until a third party taps them on the shoulder and notifies them that their environment has been compromised. Even then most organisations continue along in ignorance and deny the event until pressure becomes overwhelming from their customers, law enforcement and other regulatory bodies.
With 99 per cent of all breached records being compromised from servers and applications, how do major enterprises generally need to change their security strategies to combat this?
• The biggest single issue we see is the inability of organisations to control the lifecycle of their data. Sixty-seven per cent of breached records were in locations the victim organisation did not know existed on their systems. This shows systematic failure in the data management lifecycle.