Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Network Security – Inside Out or Outside In?

This month has been a big one in terms of new research and survey data, including AlgoSec’s State of Network Security 2013 as well as Verizon’s 2013 Data Breach Investigations Report, among o

This month has been a big one in terms of new research and survey data, including AlgoSec’s State of Network Security 2013 as well as Verizon’s 2013 Data Breach Investigations Report, among others. These reports take different approaches that eventually all point back to the same area – how to better secure your network and information from all of the bad stuff out there in the world.

Our survey findings asked security and network operations professionals their opinions on a variety of questions around greatest risk, greatest security management challenges, etc. Verizon’s report analyzes thousands of reported breaches. While there are many great data points in both of these, one where these reports diverge is around insider vs. outside threats.

Verizon’s report notes that a whopping 92% of breaches are perpetrated by outsiders while 14% are committed by insiders, 1% implicated by business partners and 7% involving multiple parties. So clearly external threats are the greatest risk right?

According to the State of Network Security 2013 findings, almost 63% of respondents identified “insider threats” as the greatest organizational risk. Breaking this down a bit, employees accidentally jeopardizing security through data leaks or similar errors ranked as the greatest concern for 40.5% of this year’s survey respondents, while malicious insider threats ranked second, with nearly a quarter of respondents listing it as their greatest risk. More than two-thirds of respondents further expressed concern that allowing employees to “bring your own device” increased the risk of security breaches.

Biggest Security Threat Survey

Source: The State of Network Security 2013, AlgoSec, April 2013

So which report is correct? And how should we as security practitioners use information from these reports and others to better plan our defenses? Here are five things to consider before you try to answer these questions:

1. It should be noted that these findings and analysis are based on different methodologies – analysis of reported threats and opinion-based data from security professionals. And as with any report, even if unintended, there is almost always some bias built in.

2. Threats are coming from inside and outside the corporate walls, due to human error and/or malicious activity with many different motives. The prioritization of this may be different in each organization, but threats from both ends are real and must be accounted for. Think about what information is highly valuable in your organization and go from there.

Advertisement. Scroll to continue reading.

3. It’s not simply a matter of the quantity of attacks, one should also take into consideration the potential for inflicting serious damage – An insider is someone who by nature has more access because they are “trusted”.

4. The Verizon report notes that “… a growing segment of the security community adopted an ‘assume you’re breached’ mentality”. This is something I wrote about on SecurityWeek last year and which is how you should look at your network and security approach before you add on more tools.

There are plenty more considerations, but at the end of the day (does the day EVER end for a security pro?!), you must determine what makes the most sense for your organization. Understand your organization’s risk appetite and understanding/willingness of the company to change its culture and become more security-sensitive. Look for ways to improve security without slowing down the pace of business. And of course let the debate and discussion continue!  

Related: Most Attacks Are External, But Never Underestimate The Insider Threat

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

A zero-day vulnerability named HTTP/2 Rapid Reset has been exploited to launch some of the largest DDoS attacks in history.