CSO Survey Reveals Insider Threats Are on the Rise

The recently released 2006 E-Crime Watch survey showed a decline in security events in the past 12 months, but an increase in the financial and operational losses caused by such electronic crime incidents.

While the survey shows that respondents continue to be most concerned with intruders from outside their organization (58 percent of events were reportedly committed by outsiders), the insider threat is getting worse. Of those organizations experiencing security incidents, the majority (55 percent) report at least one insider event (up from 39 percent the year prior).

“Just having policies in place is not good enough. Organizations need to focus on implementation and enforcement of their policies,” says Dawn Cappelli, senior member of the technical staff at CERT. “Nearly all respondents report having account and password management policies, yet over half of the insiders compromised accounts, a third used back doors, and others used password crackers or sniffers.”

The 2006 E-Crime Watch survey reveals the most effective e-crime fighting technologies include statefull firewalls (87 percent), electronic access or control systems (86 percent), password complexity (80 percent), network-based antivirus (74 percent) and encryption (74 percent). The study also shows continued investment in security, with respondent organizations spending an average of $20 million on IT security and $19 million on physical security.

“The results of the E-Crime Watch survey show some progress, but also point to the work ahead,” says Doug Cavit, chief security strategist for Trustworthy Computing at Microsoft. “Along with our own research and dialogue with customers and partners, the survey reaffirms that organizations need to continue to invest not only in technology solutions, but also in partnerships to assist in the development of policies and best practices that can help fight evolving cyber crime threats.”

Overall, the survey shows organizations have better visibility into what is going on in their enterprises and are better prepared to respond. The majority of respondents (69 percent) say they are more prepared to prevent, detect, respond and recover from cybersecurity threats to the organization than in the past year. At the same time, more than half (56 percent) are more concerned about those threats than they were a year ago.

Compiled by Paul Kerstein (press release by Karen Fogerty, director of external relations, CXO Media)

About the 2006 E-Crime Watch Survey

The 2006 E-Crime Watch survey was conducted by CSO magazine in cooperation with the U.S. Secret Service, Carnegie Mellon University Software Engineering Institute’s CERT Coordination Center and Microsoft. The survey was deployed June 28 through July 30, 2006. An e-mail invitation containing a link to the survey was sent to 15,000 CSO magazine readers (CSOs, security and law enforcement professionals), yielding 434 respondents. Margin of error is +/- 3.4 percent.   Respondent answers cover the period between July 2005 and June 2006.

More information and survey results can be found here.

Keep checking in at our Security Feed for updated news coverage.