ZDNet UK



Network management Toolkit

Security: The threat within is greater than you think

Marguerite Reardon CNET News.com

Published: 12 Jan 2005 13:40 GMT


The long arm of the law stretches
Over the past couple of years, outrage from customers and clients victimised by these schemes has spurred legislation at federal and state levels. New laws, including the Gramm-Leach-Bliley Act, Sarbanes-Oxley Act, Health Insurance Portability and Accountability Act (HIPAA) and California's Database Protection Act of 2003, have made companies legally responsible for protecting individuals' personal information housed in their databases.

What leaks
The Ponemon Institute's data security study asked respondents what type of leaks they'd suffered. Because respondents could cite more than one category per incident, the percentages don't total 100.

  • 22 percent of leaks involved customers' personal data.
  • 10 percent involved workers' personal data.
  • 39 percent disclosed confidential business data.
  • 14 percent leaked intellectual property, including software code.
  • 16 percent: "Other".

While protecting personal information has become an important legal issue for companies, other sensitive information, such as intellectual property, leaked by insiders to competitors or to the public, can also have devastating financial consequences. The problem has become even more important as companies, particularly those in technology, increasingly outsource work.

"A lot of these outsourced employees have access to huge amounts of sensitive data," Ponemon said. "It's easy for them to download files or print them out and put them in a briefcase and carry them outside. In places like India or Latin America, where they are paid far less than counterparts in the US, stealing information and selling it can seem like [just] another source of revenue."

Most internal security breaches aren't the result of rogue employees, but rather of negligence or error. Of the internal attacks cited in Ponemon's report, almost 40 percent occurred because well-intentioned employees inadvertently caused security problems by how they handled sensitive information. Only 30 percent were attributed to malicious employees.

"Most internal security issues are due to organisational sloppiness," he said. "These aren't bad people. They are just trying to get a job done, but they aren't considering all the consequences to their actions."
