Managers have every reason to fear their own employees, if they read the news. A few
months ago, an energy company auditor tried to steal $9 million
from the company he worked for. Last month, a data breach — an inside job — at
LexisNexis was linked to the mafia, according to a grand jury indictment.
Now a new study is aiming to understand the threat — and what enterprises can do to
minimize it.
The research, conducted by IDC on behalf of security firm RSA, found that every
enterprise interviewed had at least one breach during the past year, although the
majority (52 percent) were believed to be purely accidental.
Yet even accidental breaches cost money. “Organizations risk substantial and ongoing
damage when sensitive information, such as customer and employee personally identifiable
information (PII), design plans, source codes, and other types of intellectual property,
is accidentally exposed,” the survey said.
In some organizations, the threat is constant. “We surveyed about 400 CxOs,”
Christopher Young, senior vice president of products at RSA, EMC’s security subsidiary,
told InternetNews.com. “Those 400 got about 58,000 internal risk incidents over
the past 12 months.”
The report said that many incidents were caused by out of date or excessive user
privileges. These user privileges can cause failed audits, the report warned.
Read the rest at InternetNews.com.
