Tuesday, March 20, 2012

Internal issues still cause more data loss than outside attacks, says report

Internal issues still cause more data loss than outside attacks, says report

There isn't much surprise that most threats still come from the inside, whether malicious or negligent. In reality, many of the causes of the malicious/negligent/system glitches overlap and depends on how you look at them.

Looking at the report, it seems phishing seems to be under malicious, but can this also be classified as negligence? I don't know how many computers I have to get my techs to clean because someone opened a malicious pdf or file from their personal email. I guess I can see it being malicious, as ultimately, the phishing email was crafted by someone with malicious intent, whether it be to get someones bank account/PII or breach into a company.

Same goes for "theft of data bearing devices". Portable Hard Drives, Laptops, Thumb Drives, Backup Tapes, or other items. How many of these are due to someone intent on stealing from a specific company and how many of them are due to someone not following policy and leaving a laptop and portable hard drive on the passenger seat while they run inside 7/11 for a pack of smokes and to pay for gas? Most of the data on the latter probably never sees the light of day and is wiped before being sold somewhere.

Successful SQL injection or web site attack? Is this malicious or "system glitch" because the server admins didn't patch on schedule or follow procedure? Many of these could be one or the other and are probably determined by the investigation and, in some cases, whatever makes the company look better.

In general, if we could stop users from doing stupid things, and getting them to follow correct procedure, we could probably stop a lot of the current and continuing threats. Of course, the bad guys would just find another way in. :-)