Security Czar Highlights Insider Threats
Posted by Todd Chambers - CMO on Wed, Dec 23, 2009
Melissa Hathaway served as Senior Advisor to the Director of National Intelligence and Cyber Coordination Executive during the administration of President George W. Bush, and as Acting Senior Director for Cyberspace for the National Security Council during the administration of President Barack Obama.
In her recently posted perspective on the state of cybersecurity ("Five Myths About Cybersecurity") published in the ExecutiveBiz Blog she highlights the following:
- Myth 1: Consumer protection exists in cyberspace
- Myth 2: Firewalls and virus scanners protect my computer and my enterprise
- Myth 3: My government has the solution and will protect me
- Myth 4: Physical assets are more valuable than information
- Myth 5: Laws are keeping pace with technological innovation
It is interesting to note that she specifically points out that "Few software programs protect us from the insider threat..." which according to a Verizon Business Breach Survey, accounts for approximately a third of all breaches.
This is especially concerning when you consider that a recent survey entitled "the global recession and its effect on work ethics", carried out by Cyber-Ark, found that 48% respondents admit that if they were fired tomorrow they would take company information with them. And a quarter of workers said that the recession has meant that they feel less loyal towards their employer.
It seems clear that protecting your organization from insider threats, and even external threats made possible by the inappropriate use of insider access (zombie accounts, weak password practices...) should be a key part of your Access Assurance strategy. The myth of being protected is not a strategy, so, how safe is your environment?