Today, insiders represent the single biggest security threat for the simple reason that we haven’t addressed the problem. That’s because IT systems designed to prevent intrusion from the outside cannot handle the task of keeping confidential data inside the organization. Yet according to Gartner Inc., 84 per cent of high-cost security incidents occur when insiders send confidential data outside the company.
It’s easy to see why insiders, not hackers, now pose the greater threat. To violate information security, an intruder has to figure out how to break into the network, then locate, obtain and distribute the desired data — all without being detected by today’s highly effective firewall, network security and intrusion-detection systems.
On the other hand, think of all the people inside the company who have ready access to customer, employee, product and financial data. These same people also have instant access to the Internet. How easy is it for a call centre representative to e-mail confidential customer data to a competitor? Or for a software engineer to send source code out along with his resume? And what’s to stop an administrative employee from leaking quarterly earnings via instant messaging?
With confidential customer data and intellectual property just a keystroke from the Internet, every organization is at risk. Common sense tells us the insider threat is huge, and industry research confirms it. Vontu’s risk assessment studies reveal that one out of every 500 outbound e-mails contains confidential customer, employee or financial data, intellectual property or competitive information. Our research further indicates that 95 per cent of data loss incidents are unintentional.
Today’s network security systems are mostly designed to prevent intrusion from outside the network. To stop an insider threat, software has to meet entirely different requirements.
First, it must not only detect every single security violation based on discrete policies and content, but it must also proactively prevent the transmission of confidential data outside the network. Second, it must provide the ability to accurately measure and reduce risk over time. And third, it must let users manage information security throughout the enterprise and even, in some cases, across multiple companies, such as outsourcing partners and distributors.
Software vendors have been slow to address these requirements, which is one reason why the insider threat looms so large. But that’s changing. Data-matching technology has evolved to the point where we can index actual database entries with 100 per cent accuracy, up to two billion data cells on one server. Software technology can monitor and analyze a range of variables over time, from content patterns and relationships to sender and recipient attributes, network protocols and gateway locations.
So the bad news is, yes, the insider threat has become the No. 1 security issue facing corporations today. The good news is help is on the way.
Ansanelli is founder and CEO of Vontu, a vendor of data loss prevention products. He can be reached at ceo@vontu.com.