A new cybersecurity survey found that cyber attacks perpetrated by so-called “insiders” — those with inside knowledge or authorized access — are viewed as the most costly and damaging to an organization.
The 2011 CyberSecurity Watch Survey conducted by CSO magazine and sponsored by Deloitte found that 33 percent viewed inside attacks as more costly, an increase of 8 percent over last year. The survey reports that while more attacks are caused by outsiders (58 percent), the insider threat is becoming increasingly sophisticated.
The use of rootkits and other hacker tools by insiders jumped from 9 percent last year to 22 percent this year.
Aside from the monetary losses, the insider threat could tar an organization’s reputation, disclose confidential or proprietary information or disrupt critical systems — all of which can be “difficult to quantify and recoup,” the survey finds.
And, even with insider threats likely only to grow, the public is often left in the dark. That’s because about 70 percent of insider attacks are handled by the organizations with no official legal action taken.
“Technical defenses against external attacks and leakage of well-formatted data like social security numbers and credit card numbers have become much more effective in recent years,” said Dawn Cappelli, technical manager of the Insider Threat Center at CERT, the federal agency tasked with monitoring cyber threats. “It is a much more challenging problem to defend against insiders stealing classified information or trade secrets to which they have authorized access or against technically sophisticated users who want to disrupt operations.”
The report also found that, overall, cyber attacks are on the rise. Twenty-eight percent of respondents said have seen an increase in the number of events, according to the study.
But, while attacks are increasing, they are not as financially damaging as in previous years, likely because of strategic and proactive steps that organizations are taking.