After encountering a lot of IT representatives from different companies, I am surprised to find that the majority of them still believe that most of the security breaches originate from inside the company.
Michael Kassner wrote an excellent article, definitely worth reading, at Tech Republic last year on why such a belief no longer applies today. Kassner references the CSI/FBI Computer Crime and Security Survey, which asks organizations to estimate the percentage of internal attacks they encountered. The results of the survey are displayed in the following graph:

After doing some statistical analysis, the estimated overall average of security breaches that originate from internal attacks is less than 16%. The difference is so overwhelming that any margin of error, such as the "different points of view" in Kassner's article, would likely have little effect in supporting the contrary belief.
Hence, the allocation of your organization's IT security budget can be calculated with a simple risk management formula. Let:
E = the average financial impact, including losses, that may result from an external attack on your organization. The impact may include financial or information theft, damage to reputation, loss of productivity, recovery costs, etc.
I = the average financial impact, including losses, that may result from an internal attack on your organization.
Further reading:
http://www.pcworld.com/businesscenter/article/147098/insider_threat_exaggerated_study_says_.html