Insider Security Threats Double in Past Year

Security breaches due to insider action have more than doubled since 2007, according to a new report. One organization is working on an insider risk assessment service.According to the report from the Identity Theft Resource Center, nearly 16 percent of breaches so far this year came from insiders, up from 6 percent in 2007, and 11.7 percent came from attackers outside the company, down from 14.1 percent last year. Data stolen from laptops, thumb drives, and PDAs accounted for 20.2 percent of the breaches; accidental exposure by the organization accounted for 15.2 percent, while loss or theft by a subcontractor tallied 13.5 percent.

Meanwhile, Carnegie Mellon Software Engineering Institute?s CERT Program is developing an insider risk assessment pilot program to help organizations determine their vulnerability to insider breaches. The program, based on data gathered from more than 300 incidents, will become a full-fledged service next year and may eventually be turned into a software tool.DarkReading