The enemy within

Everyone knows that predators are lurking about, ready and willing to steal data, and that the threats that come from everywhere in the world are numerous and real.

But Cooper Bachman of ID Analytics said that insider data thefts are emerging as major compliance and reputational risks for organizations. As we reported this week, the City of San Francisco learned this hard lesson when one of its employees gained sole access to their systems and locked everyone else out. Bachman said recent studies suggest that over 60 percent of data breaches originate from an internal source or event. This sad event makes it difficult to balance the protection of sensitive data while granting access to employees who need it.

In 2007, ID Analytics performed a study of more than a dozen incidents of internal data theft involving over five million identities from consumer and employee files across the government, education, and commercial sectors. It found that fraudulent activity resulting from internal data theft tends to occur in close proximity to the office location where the data was removed; that personal data stolen by an employee is misused more frequently than data obtained through an external breach; and that employees abusing internally stolen data behave in a similar manner to traditional identity thieves.

To read more about this threat:
- see this CSOonline.com article