The latest CSI Computer Crime and Security Survey is available for download this month, and great reading it is.
One of the more interesting trends is the prevalence of non-malicious insiders as a cause of losses:
"Twenty-five percent of respondents felt that over 60 percent of their financial losses were due to non-malicious actions by insiders."
Which is, well, a lot. In fact, only just over 34% had no losses from non-malicious insiders. What this means is that organizations are still struggling to manage insiders, and the opportunity for folks simply doing their job to cause a breach or other financial loss is significant. People are busy; they have things to do, and sometimes mistakes get made.
The challenge for security organizations is to put in place the right controls to reduce the risk of an incident, while not overly restricting the ability of well-meaning employees to get things done. Usually there is some obvious, low-hanging fruit, such as overly broad privileges being granted without thought to the risks involved, or simply having too many administrators. The right long-term solution, though, is to have good change detection, good configuration management, and a well-integrated security program that can not only reduce risks, but quickly identify when a mistake has been made that could end up costing money.
Of course, it takes a little time to get there, but the tools are available, and clearly the need is becoming more visible than ever. After all, if you can't protect your organization from Bob, who's just trying to get that last change in Group Policy in place at 2 am on Saturday morning so he can go home, how are you going to keep out the likes of this fellow?
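To make the "change detection plus configuration management" point concrete, here is a small added example (not code from the original post or from any product it mentions) of the kind of check that catches Bob's Saturday-morning policy edit. It diffs a current snapshot of policy-style settings against an approved baseline, flags changes made outside an assumed change window, and flags the two low-hanging-fruit conditions the post names: privilege being broadened and the administrator count creeping up. The setting names, the baseline values, the change window and the sample snapshot are all constructed for illustration.

```python
from datetime import datetime
from typing import Any, Dict, List, Tuple

# Constructed baseline snapshot of policy-style settings. The setting names are
# hypothetical and are not taken from any real Group Policy template.
BASELINE: Dict[str, Any] = {
    "PasswordMinLength": 12,
    "LockoutThreshold": 5,
    "RemoteDesktopEnabled": False,
    "LocalAdministrators": ["svc-backup", "alice", "bob"],
}

# Constructed "current" snapshot: the state after a hurried weekend change.
SAMPLE_CURRENT: Dict[str, Any] = {
    "PasswordMinLength": 12,
    "LockoutThreshold": 5,
    "RemoteDesktopEnabled": True,
    "LocalAdministrators": ["svc-backup", "alice", "bob", "carol"],
}

# Assumed change-control policy: changes are approved Monday-Friday, 08:00-18:00.
WINDOW_DAYS = range(0, 5)   # Monday = 0 ... Friday = 4
WINDOW_START_HOUR = 8
WINDOW_END_HOUR = 18

# Two constructed timestamps: Saturday 2 am (Bob's change) and a weekday morning.
SATURDAY_2AM = datetime(2009, 12, 12, 2, 0)
FRIDAY_11AM = datetime(2009, 12, 11, 11, 3)


def diff_settings(baseline: Dict[str, Any], current: Dict[str, Any]) -> List[Tuple[str, Any, Any]]:
    """Return (key, old, new) for every setting that was added, removed or changed."""
    changes = []
    for key in sorted(set(baseline) | set(current)):
        old, new = baseline.get(key), current.get(key)
        if old != new:
            changes.append((key, old, new))
    return changes


def outside_change_window(when: datetime) -> bool:
    """True if the timestamp falls outside the approved change window."""
    in_hours = WINDOW_START_HOUR <= when.hour < WINDOW_END_HOUR
    return when.weekday() not in WINDOW_DAYS or not in_hours


def review_changes(baseline: Dict[str, Any], current: Dict[str, Any],
                   changed_at: datetime, max_admins: int = 3) -> Dict[str, Any]:
    """Diff the snapshots and raise findings a reviewer should look at right away."""
    changes = diff_settings(baseline, current)
    findings: List[str] = []

    if changes and outside_change_window(changed_at):
        findings.append("change made outside approved window")

    admins = current.get("LocalAdministrators", [])
    if len(admins) > max_admins:
        findings.append(f"{len(admins)} local administrators exceeds limit of {max_admins}")

    for key, old, new in changes:
        if key == "LocalAdministrators":
            added = sorted(set(new or []) - set(old or []))
            if added:
                findings.append("administrator privilege granted to: " + ", ".join(added))
        elif key == "RemoteDesktopEnabled" and new is True:
            findings.append("remote desktop enabled")

    return {"changes": changes, "findings": findings}


def demo() -> Dict[str, Any]:
    """Review the constructed weekend change against the baseline."""
    return review_changes(BASELINE, SAMPLE_CURRENT, SATURDAY_2AM)


if __name__ == "__main__":
    result = demo()
    for key, old, new in result["changes"]:
        print(f"CHANGED {key}: {old!r} -> {new!r}")
    for finding in result["findings"]:
        print(f"FINDING {finding}")
```

The interesting design choice is that the out-of-window check only fires when something actually changed, so a scheduled weekend snapshot that matches the baseline stays quiet; the findings list is what would feed a ticket or an alert, while the raw diff is kept alongside it so the reviewer can see exactly what moved.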
Posted Dec 11 2009, 11:03 AM by Geoff Webb