More Attacks Coming From Outsiders, Insider Attacks More Costly
Date of Publishing:31/01/2011
More attacks are coming from outsiders, but attacks coming from insiders are showing to be more costly to organizations, according to a recent survey. Additionally, the survey, the 2011 CyberSecurity Watch Survey sponsored by Deloitte and conducted by CSO Magazine, revealed that organizations are seeing more cybersecurity related events, but the events, on average, are costing significantly less than in the previous year.
Interestingly, twenty-eight percent of respondents have seen an increase in the number of events in the 2011 study and 19% were not impacted by any attacks, compared to 40% in the 2010 study.
"Organizations are becoming more strategic in how they prevent and respond to cybersecurity events such as the advanced persistent threat (APT)," said Ted DeZabala, national leader of Deloitte's Security & Privacy services. "However, while the survey suggests that the annual monetary losses from events have dropped from $395,000 in 2010 to $123,000 per organization in 2011, we believe these numbers are a result of organizations associating incidents to different domains such as privacy and fraud rather than traditional cybersecurity. Further, this metric alone could be misleading as reported events, sophistication of attacks and external attribution have all increased while the perceived effectiveness of technology-based defenses has decreased."
Insider Attacks Are More Damaging
The 2011 CyberSecurity Watch Survey uncovered that more attacks (58%) are caused by outsiders (those without authorized access to network systems and data) versus 21% of attacks caused by insiders (employees or contractors with authorized access) and 21% from an unknown source; however 33% view the insider attacks to be more costly, compared to 25% in 2010. Insider attacks are becoming more sophisticated, with a growing number of insiders (22%) using rootkits or hacker tools compared to 9% in 2010, as these tools are increasingly automated and readily available.
Not only are insider attacks monetarily costly, but they also cause additional harm to organizations that can be difficult to quantify and recoup. Harm to an organization's reputation, critical system disruption and loss of confidential or proprietary information are the most adverse consequences from insider cybersecurity events, according to respondents. The public may not be aware of the number of insider events or the level of the damage caused because 70% of insider incidents are handled internally without legal action, which is consistent with the 2010 study.
"Technical defenses against external attacks and leakage of well-formatted data like social security numbers and credit card numbers have become much more effective in recent years," said Dawn Cappelli, technical manager of the Insider Threat Center at CERT. "It is a much more challenging problem to defend against insiders stealing classified information or trade secrets to which they have authorized access or against technically sophisticated users who want to disrupt operations. CERT has been working with government and industry groups to develop solutions to this problem using commercial and open source tools. We invite organizations to share their insights with us."
For more news in details you can visit: