Numbers: Internal Threats vs. External Threats
A recent survey by Deloitte & Touche suggests that CSOs should evenly balance their defenses against both external and internal threats.
By Kathleen Carr
August 01, 2003 — CSO — Fear the disgruntled employee. This has long been the mantra of security executives who believed that an employee who went off the deep end was more likely than an external source to launch a network attack. But a recent survey by Deloitte & Touche suggests that CSOs should evenly balance their defenses against both external and internal threats.
As for the 61 percent of survey respondents who say they haven't been attacked, Christian Byrnes, Meta Group analyst, says, "they just don't know it yet. One of the primary functions of security tools is to detect security failures. It can be very comforting for a manager, especially a CIO, to simply not see what is there by deciding not to invest in the necessary tools that detect security failures. No investment equals no detection, which equals no admission of failure."
Only 39 percent of survey respondents said they were victims of a cyberattack
16% were attacked from an external source
13% were attacked from an internal source
10% were attacked from both internal and external sources
61% reported that they were not attacked
Source: Deloitte & Touche "2003 Global Security Survey"
Read more about data protection in CSOonline's Data Protection section.
Other stories by Kathleen Carr
The challenge of true data protection spans databases, internal and external networks, physical and offsite storage, business partners and more. These resources offer expert perspective from the basics through specific key elements of data protection strategies.
Network security basics
Protection, detection, and reaction—those are the three underlying principles your security program must embody
Computer incident detection, response, forensics
Richard Bejtlich shows how to measure and improve the maturity of your incident response
A few good IT security metrics
Stop counting blocked malware attachments and measure things that can contribute to meaningful change
5 key cloud security trends
Cloud security is evolving rapidly—stay on top of it
IT risk assessment frameworks
How to do end-to-end encryption
How to compare and use enterprise antivirus
Also find sample data protection policies in CSO's tools, templates and policies library
- Introduction to VMware vCenter Site Recovery Manager 5
- Introduction to Virtualization
- Preventing Unplanned Downtime with Server Virtualization
- Secure Cloud Infrastructure and Next-Generation Data Centers - An Interactive Panel for Decision Makers
- Gartner Next Generation Network IPS Webcast
- Understand Your Data: The Future of Backup and Archiving
- Overcome Top 7 Admin Challenges of Active Directory
- Insiders Can Ruin Your Company. Take Action.
- Top Solutions and Tools to Prevent Devastating Malware
- X-Ray of the PCI Process-4 Proactive Steps
- Streamline Compliance and Increase ROI
- Beyond SFTP: Five Ways Secure Managed File Transfer Can Improve Your Business
CSO Corporate Partners
- Your RSA, BSidesSF survival guide for 2012
Last year I wrote a column on how to get the most out of RSA and Security B-Sides without getting eaten alive by all the flash around you.
read more - Patch Tuesday preview, February 2012
- M86 report proves water is wet
More Salted Hash with Bill Brenner
