Report: Insider attacks expensive, but there's a silver lining
The 2011 CyberSecurity Watch Survey, conducted by CSO and sponsored by Deloitte, revealed that more attacks come from outside entities. But it's the insider attacks that seem to cause the most grief.
By Bill Brenner , Senior Editor
February 03, 2011 — CSO —
We hear a lot these days about the gathering threats of cyberspace, where outside entities use software flaws, hijacked computers and social engineering to strike at company networks. But for many of those who participated in the 2011 CyberSecurity Watch Survey, malicious insiders are the greater cause for concern.
Of the 607 respondents who participated this year, 58 percent said most of attacks they experience are caused by outsiders without authorized access to network systems and data, compared to 21 percent who cited malicious insiders -- employees or contractors with authorized access. But 33 percent said insider attacks are more costly -- up from the 25 percent who said so last year.
Meanwhile, respondents said, insider attacks are becoming more sophisticated, with a growing number of insiders (22 percent) using rootkits or hacker tools compared to just 9 percent a year ago. Such tools are increasingly automated and easily available.
Not only are insider attacks financially costly, but they do additional damage that's often hard to quantify and recoup, the survey report said. Damage to an organization's reputation, critical system disruption and loss of confidential or proprietary information are the most insidious problems, respondents said.
Among the other findings in this year's survey:
- Twenty-eight percent of respondents have seen an increase in the number of attacks.
- Unintentional exposure of private or sensitive information has significantly declined since 2010 (31 percent in 2011 vs. 52 percent in 2010).
- The largest category of concern from a supply chain standpoint is with third-party vendors (55 percent in 2011 vs. 49 percent in 2010).
- Respondents are also concerned with contractor awareness (49 percent) and software awareness (42 percent).
- Cyber attacks from foreign entities has doubled in the past year, from 5 percent last year to 10 percent in 2011.
Joji Montelibano, who works in the CERT Insider Threat center at the Carnegie Mellon Software Engineering Institute, sees a silver lining in this year's numbers. "What's encouraging is that the cost of damages from insiders has decreased," he said. "Sixty-seven percent called it costly last year, but this year it's down to 46 percent. We'd like to think the right controls are being implemented and doing some good."
Indeed, respondents pointed to several steps they've taken to reduce their risk exposure. Sixty-five percent are providing more cybersecurity awareness training for employees and implementing internal monitoring tools like data loss prevention (DLP).
Eighty percent are using access management, 69 percent have deployed intrusion detection systems, 65 percent use vulnerability management tools and 64 percent use identity management technology. Since 2010, the biggest swing in implementation is vulnerability management systems, which grew to 65 percent from 48 percent last year.