Insider Threats Often due to Carelessness, Report Says

2013 Data Breach Investigations Report

In the world of IT security, one of the key reference documents often referred to throughout the year is the Verizon Data Breach Investigations Report (DBIR). Think of it as an international report card on data breaches that you are anxious to read, but certainly never want your company’s name to appear in. This year’s report is 63 pages of facts, findings and figures on the highlights and extent of data breaches from last year.

According to the report, “2012 reminded us that breaches are a multi-faceted problem, and any one-dimensional attempt to describe them fails to adequately capture their complexity.” We couldn’t agree more. Whether the threat is at the firewall or from within, it is more important now, than ever before, to install dynamic security controls that protect your organization at every touch point.

Some interesting takeaways from this year’s report:

  • There were a total of 47,000+ reported security incidents, 621 confirmed data disclosures, and at least 44 million compromised records. 
  • 96 percent of breaches were perpetuated by outsiders, but, most interestingly, we were surprised to see the findings showed only 14 percent of breaches were committed by insiders.
  • 76% of network intrusions exploited weak or stolen credentials.
  • 13% resulted from privilege misuse and abuse – "Abuse of system privileges is particularly common in larger organizations."

This is why it’s so crucial to have in place the right process to review data access within your organization in terms of who has access, who needs it, and who has it but isn’t even using it. An effective data access governance plan rooted in connected security will help protect sensitive information, support compliance and maintain business operations. Dell’s Connected Security solutions do just that: enabling businesses to connect and share intelligence across the entire enterprise to make sure all employees have only the access they need to do their jobs – and nothing more. Even better, by providing employees with only the access they need, you will cut down the pool of insider “threats” who have access, and may unknowingly open your organization up to a breach.

About the Author: John Milburn