External Attacks – Bigger than we Thought?
Posted by Diana in Analysis on Oct 3, 2008
For years risk and security professionals have been trying to escalate awareness about the frequency of insider attacks. We’ve been working to combat the perception many “non-riskers” hold that external pen test scans of firewalls and web applications are “cool” (heck, Harrison Ford did a whole movie on firewalls), while the responsible assessment approach of interviewing employees, reviewing policies and procedures, performing scans on internal assets, and creating a risk/benefit analysis is yawn inducing. How many times have you heard something like this: “The inside is safe, I trust my employees”?
But we know internal matters! And we’ve been pressing this point for so long that when an IBM executive mentioned that “90-95% of attacks” initiate from inside at this week’s Security Summit, no one raised an eyebrow. Yeah, yeah – we’re security people, we *know* that.
Or do we? Dark Reading just published a thoughtful piece on “Why Risk Management Doesn’t Work” and in it references both the RSA report that Ed discussed earlier this week and a Verizon report on data breaches. The Verizon report is an analysis of hundreds of actual breaches across multiple verticals.
The entire report is worth reading, but the finding that really got me checking my assumptions was this: “data compromises are considerably more likely to result from external attacks than from any other source. Nearly three out of four cases yielded evidence pointing outside the victim organization. . . . Internal sources accounted for the fewest number of incidents (18 percent), trailing those of external origin by a ratio of four to one.”
Four to one? Hmmm…that’s definitely something to think about.