Imperva warns on the real insider security threat

Redwood Shores, CA, (PresseBox) - 10th February 2011 - The recently published 2011 CyberSecurity Watch Survey claims to show that 21 per cent of attacks on organisations are caused by insiders.

And, says Amichai Shulman, chief technology officer with data security specialist Imperva, the report also points out that the percentage of those viewing the insider attacks as more costly is up this year (33 per cent) on the 25 per cent reported last year.

"The report is also very interesting as it defines an insider as being an employee or contractor with authorised access, as well as noting that these types of attacks are becoming more sophisticated, where the user employs different Rootkits and hacking tools" he added. This is a significant shift, as so far insider attacks used to rely on very simple techniques and tools (available with any work station).

The Imperva CTO went on to say that there is a greater problem here that flies in under the radar, and does not seem to be included in the statistics.

This, he explained, centres on the threat of the individual who has no deliberate intention to cause the company any damage. Rather, the insider threat is mostly caused by an employee that collects information rightfully over time and the information is not removed when the employee leaves the company.

The danger here, says Shulman, is when the employee re-uses that data at their next place of employment, or, as sometimes happens, the data 'leaks' from the employee's own computer.

Imperva's own street survey of over 1,000 UK employees found that 85 per cent of employees carry corporate data in their home computers or mobile devices, he said.

And, he added, 79 per cent of those surveyed revealed that their organisation does not have - or the employee is unaware of - any policy to remove company data from their laptop or other portable device when they leave the company.

Against this backdrop, Shulman recommends that, whilst companies scurry around to defend their digital assets against the apparent insider threat, they need to also need to defend against those members of staff who plan to take data with them when they move on to another organisation.

"Approaching a review of a company's security policies and controls from this angle means that the process is not as futile as some professionals think it is, but rather assesses and prioritises the largest risks in a logical manner," he added.

For more on the CyberSecurity Watch Survey:

Press releases you might also be interested in

Weitere Informationen zum Thema "Sicherheit":

E-Mail-Archivierung hilft bei Erfüllung der Compliance-Anforderungen

Die DSG­VO har­mo­ni­siert das Da­ten­schutz­recht in Eu­ro­pa und stellt den Schutz per­so­nen­be­zo­ge­ner Da­ten in den Vor­der­grund. Als ei­nes der meist ge­nutz­ten Bu­si­ness- Kom­mu­ni­ka­ti­ons­mit­tel ent­hält die E-Mail per­so­nen­be­zo­ge­ne Da­ten. So­mit trägt E-Mail-Ar­chi­vie­rung da­zu bei, der DSG­VO zu ent­sp­re­chen.


Subscribe for news

The subscribtion service of the PresseBox informs you about press information of a certain topic by your choice at a choosen time. Please enter your email address to receive the email with the press releases.

An error occurred!

Thank you! You will receive a confirmation email within a few minutes.

I want to subscribe to the gratis press mail and have read and accepted the conditions.