Insider Threat Driving Many Data Loss Events
Cisco published the final installment of its comprehensive study into data leakage trends last week, with the latest results highlighting the continued contribution of insider activity to the overall problem of electronic information loss.
According to the report, based on a survey of 10,000-plus workers worldwide conducted for Cisco by pollsters InsightExpress, both malicious and inadvertent incidents carried out by privileged insiders remain one of the leading drivers of undesired data exposure.
As with previously reported findings of the Cisco research, the new results point to a disconnect between perceptions of acceptable computer use among workers, IT security teams and IT management as the leading contributor to the problem of employee-driven data leakage.
For instance, a vast majority of the IT decision makers surveyed for the report replied that employee use of non-IT-approved programs and applications contributes to between 1 and 24 percent of all corporate-related data loss and identity theft.
Roughly 40 percent of IT managers participating in the survey admitted to researchers that they have been forced to deal with workers who gained access to unauthorized physical locations or networks in the last year. However, in some regions, including China, the issue has reared its head on an even more widespread basis, Cisco reported.
Another 40 percent of managers contend that their employees have allowed unauthorized outsiders to use their work devices or network privileges, highlighting yet another serious risk of information loss.
Among end users, 40 percent (apparently the report's magic number) of those people responding to the survey said that they have shared sensitive information with outsiders merely to gain feedback on their ideas. Another 30 percent said that they've done so to vent about the nature of their work, and said that they saw no reason to worry about doing so.
Some two-thirds of workers participating in the study admitted to engaging in routine activities that directly threaten data security, including behaviors such as leaving their computers unattended overnight without first logging off.
Only 50 percent of the end users surveyed for the report who work remotely said that they actively monitor their surroundings to ensure that they aren't being spied on, and in some countries, such as Japan, as many as 25 percent of workers indicated that they take no security measures at all when working outside of protected environments.
Among the report's other significant findings, 39 percent of IT professionals believe that insiders pose a greater risk for data leakage than external parties. Some 20 percent of IT pros replied that sheer negligence, versus malicious intent, remains the biggest issue among insiders.
Technologies including removable hard drives have also become a major concern for IT security pros, with roughly 30 percent replying that USB drives and other similar devices have become their most significant issue, followed by e-mail at 25 percent. Lost or stolen devices remain another major challenge, cited by 19 percent of IT pros as their greatest data security worry.
Some 10 percent of the workers participating in the survey admitted that they had lost a corporate device or had one stolen in the past year, creating a data loss incident for themselves and their companies, Cisco said.
Purely malicious behavior, such as stealing and selling data or devices for a profit, seemingly remains less of an issue for most of the organizations represented in the research, but it is a surprisingly significant factor in information loss, with 10 percent of the workers responding to the study copping to either doing so themselves, or knowing a fellow employee who did so.
Cisco's internal security chief said that the blurring of work environments, rapid technological advancement and the demand by employees to use technologies they embrace at home in the workplace are other major data loss drivers.
"The blending of work vs. home and public vs. private means that data can be accessed, transmitted, stored and stolen from anywhere at any time," John N. Stewart, chief security officer of Cisco, said in a report summary. "As a result, the approach to data protection must change. From the largest corporate enterprise to the youngest consumer, we all share the responsibility to maintain awareness and discipline in protecting information. As we've said all along, this research presents an opportunity to evolve security toward a necessary combination of education, policy and technology."
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.