A recent research provided from Imperva explained that one in every fifty employees is a malicious insider. This reaffirms Gartner’s research that the insider is not just disgruntled employees leaving the organization. Departing disgruntled leaving an organization is often anticipated, but the article warns that attention should also be rendered to current employees who sells information as a secondary source of income.
Impreva’s research, reviewed 140 security incidents and quizzed 250 UK based IT professionals which showed that these insider threats can have severe impacts on the organization. These events include theft or dissemination of confidential data, indemnity theft, loss of productivity and damage to equipment and facilities. The study showed that the biggest threat to enterprise security is the people that’s already on their payroll.
It also provides some mitigation and detecting techniques such as proper data classification, storage, and processes involving sensitive data.
Source: http://www.infosecurity-magazine.com/news/1-in-50-employees-a-malicious/
Interesting article. At my company we deal with PII data. Employees aren’t allowed to bring any storage devices such as USB or external hard drives, The flow of information into and out of the company networks are being regularly monitored and we can’t send any attachments externally through email. If there is any PII data being sent in attachment in an email, it has to be thru SecureZip and a person needs to be able to login to view it.
I don’t disagree with the point Imperva is making, but it is worth remembering that Imperva makes it’s living selling solutions for this space. From discussions I’ve had with Security and IT management, they as concerned about insert who just make a mistake as much or more then the malicious ones.
Wade