Monday, February 4

Users Cutting Corners, Not Crooks, Are Main Inside Threat

Thanks to IT Business Edge for taking some time to speak with me about the insider threat. Now, I'm going to take a moment to argue with myself on one point. While I do think non-malicious breaches occur far more often than their malicious counterparts, I do also concede that so far it appears that the malicous attacks have brought about more monetary damages (which is usually the bottom line in corporate environments). So, the question of which is a bigger threat probably depends on which beans you're counting. Strictly from an audit and policy perspective, you want to be sure that policies are being enforced, which is why the numerous security breaches we often see in our daily routines seem like a bigger threat. They're more likely to cause problems in an audit or compliance project. And they open holes which can be exploited during malicious attacks. So, if you don't patch the holes that are often exploited by non-malicious personnel, it could come back to bite you in the bottom line.

No comments: