Network Security – Inside Out or Outside In?

This month has been a big one in terms of new research and survey data, including AlgoSec’s State of Network Security 2013 as well as Verizon’s 2013 Data Breach Investigations Report, among others. These reports take different approaches that eventually all point back to the same area – how to better secure your network and information from all of the bad stuff out there in the world.

Our survey asked security and network operations professionals their opinions on a variety of questions around greatest risk, greatest security management challenges, etc. Verizon’s report analyzes thousands of reported breaches. While there are many great data points in both of these, one area where the reports diverge is insider vs. outside threats.

Verizon’s report notes that a whopping 92% of breaches are perpetrated by outsiders, while 14% are committed by insiders, 1% implicate business partners and 7% involve multiple parties. So clearly external threats are the greatest risk, right?

According to the State of Network Security 2013 findings, almost 63% of respondents identified “insider threats” as the greatest organizational risk. Breaking this down a bit, employees accidentally jeopardizing security through data leaks or similar errors ranked as the greatest concern for 40.5% of this year’s survey respondents, while malicious insider threats ranked second, with nearly a quarter of respondents listing it as their greatest risk. More than two-thirds of respondents further expressed concern that allowing employees to “bring your own device” increased the risk of security breaches.

[Figure: Biggest Security Threat Survey. Source: The State of Network Security 2013, AlgoSec, April 2013]

So which report is correct? And how should we as security practitioners use information from these reports and others to better plan our defenses? Here are five things to consider before you try to answer these questions:

1. It should be noted that these findings and analyses are based on different methodologies: analysis of reported threats on one side and opinion-based data from security professionals on the other. And as with any report, even if unintended, there is almost always some bias built in.

2. Threats are coming from inside and outside the corporate walls, due to human error and/or malicious activity with many different motives. The prioritization of this may be different in each organization, but threats from both ends are real and must be accounted for. Think about what information is highly valuable in your organization and go from there.

3. It’s not simply a matter of the quantity of attacks; one should also take into consideration the potential for inflicting serious damage. An insider is someone who by nature has more access because they are “trusted”.

4. The Verizon report notes that “… a growing segment of the security community adopted an ‘assume you’re breached’ mentality”. This is something I wrote about on SecurityWeek last year, and it is how you should look at your network and security approach before you add on more tools.

There are plenty more considerations, but at the end of the day (does the day EVER end for a security pro?!), you must determine what makes the most sense for your organization. Understand your organization’s risk appetite, and the company’s understanding of and willingness to change its culture and become more security-sensitive. Look for ways to improve security without slowing down the pace of business. And of course let the debate and discussion continue!
