Sister CISA CISSP

Sep 10 2008   4:24PM GMT

Data Loss Due to Insider Access = Much Higher Risk

Arian Eigen Heald Arian Eigen Heald Profile: Arian Eigen Heald

Similar to the Countrywide data theft, a recent news report from Korea highlights the theft of 11 million email addresses and national identification numbers.

Two out of the four people arrested were employees of a Call Center (does this make you nervous? Me, too) and acquired the information and pushed it into Excel files for easy sorting. (Nice of them.) Two compatriots helped burn CDs and DVDs with the information, to make selling it easier. Quite the nice home-grown production.

As much as we have to be concerned about external breaches, it appears that data theft from an internal source carries a much higher risk of fraud.

A study from ID Analytics suggests that consumers victimized by insider data theft — theft by an employee — are 12 times more likely to be ultimately hit by fraud than victims of an accidental data loss, like a lost laptop computer. According to the latest Computer Security Institute report, insider threats are up 17 percent this year.

“For the most part a company doesn’t lose its data, they lose your data,” Bruce Schneier tells the Business Technology Blog. (emphasis mine)

When an insider wants information he/she can sell, where does she go? To the corporate databases. HR records, Payroll, and Medical Administration Plans.

The only way to catch a thief is to watch for him.

Next: More on Auditing Databases

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Suzanne Wheeler
    You're right on the mark with this. It is so easy for an insider to glean data from the information system. I worked for a Social Security law firm and it boggles my mind at the amount of sensitive data we worked with every day. It's no wonder we had shredders always within reach, security cameras, and excellent IT forensics to track computer use.
    360 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: