Hello, marykayems-ga!
Recent research claims that most security breaches come from within the company.
"Despite the publicity received by external security threats, attacks
from within are a great risk.
In fact, among the TMT companies whose security was breached in the
last 12 months, half were attacked from inside the company.
Less than half (47 percent) of respondents said they were very
confident that their infrastructure is properly protected against
internal attacks, as opposed to almost two-thirds (63 percent) for
external attacks. The vast majority of TMT companies (83 percent) said
they are concerned about employee misconduct involving information
systems."
See "More Than Half Of Tech Companies Admit Breaches In Past Year, Not
Sufficiently Funding Security, Says Deloitte Report." Deloitte.
6/21/06
http://www.deloitte.com/dtt/press_release/0,1014,sid%253D2283%2526cid%253D122077,00.html
==
"A recent Ponemon Institute survey of 163 Fortune 1000 companies found
that roughly 70 percent of all reported security breaches were due to
insiders."
"It's much more glamorous to think of the hacker who works for some
large cyber-crime ring," said Larry Ponemon, head of the Tucson,
Ariz., think tank. "But in reality, those characters only make up a
small percent of the problem."
Read "Securing data from the threat within," by Marguerite Reardon,
CNET News.com. January 11, 2005
http://news.zdnet.com/2100-1009_22-5520016.html
==
"According to a study by the FBI, an estimated 70 percent of these
network breaches originate from within. While there is an increased
awareness and improved technology to cope with some threats such as
viruses, unauthorized access to information is on the rise,
representing a loss of more than $303,000 per incident."
"As Gartner analyst Rich Mogull warned, "Corporate networks are like
candy bars: hard on the outside, soft and chewy on the inside." He
cautions, "Perimeter security alone doesn't guard against all the
threats enterprises face, such as malicious internal staff, [or]
physical theft of machines...Enterprises must also protect content and
data with internal security controls, including appropriate use of
encryption, vulnerability management, identity management, and
activity monitoring."
Read "Data Security's Achilles Heel," by Adam Bosnian, Cyber-Ark.
February 07, 2006 http://www.line56.com/articles/default.asp?ArticleID=7315
==
Security policies are still lacking in many industries:
"It may sound simple, but it is a fact: most companies and agencies
lack the basic policies and enforcement of information assurance
across the organization. Based on results from the CompTIA survey,
only a slight majority of organizations (51 percent) have a written IT
policy in place. IT security policies are more common in the financial
services industry (62 percent), government (58 percent) and education
(41 percent) sectors. IT organizations are the least likely industry
sector to have a security policy in place - only 35 percent do,
according to the survey."
Read "Assuring Global Information Security Across the Organization,"
by Martin Bean. ISSA Journal. April 2005
http://www.newhorizons.com/elevate/Assuring%20Global%20Information%20Security%20Across%20the%20Organization.pdf
==
Also read "Enterprise Security Threats Increasingly Come from Within,"
By Matt Hines. March 22, 2006
http://www.eweek.com/article2/0,1895,1941428,00.asp
==
I hope these references provide some helpful statistics for your research!
Sincerely,
umiat
Search Strategy
percent of security breaches are from inside the company
security breaches come from within company