To be honest, I had thought that disgruntled or fired admins pose more of a threat, but it turns out that regular employees are enjoying digital crime just as much. The same report goes on to say that two-thirds of data breaches attributed to insiders were intentional.
If we add in users with nonmalicious intent, the percentage of insiders involved (wittingly or unwittingly) in a malicious attack is probably at least 80 percent. These days, most malicious attacks employ socially engineered Trojans, where someone is tricked into installing malware. If you include unknowing accomplices, insiders are directly responsible for every attack that succeeds in breaching outer defenses using spam or phishing.
According to the Microsoft Security Intelligence Report 8, almost 80 percent of the successful malware threats detected and cleaned in the last quarter of 2009 probably required some level of human complicity, such as installing Trojans, spyware, or downloaders. Computer viruses -- that is, self-replicating code -- even require human execution to initially launch. (I can exclude users from blame for successful attacks via exploit code and perhaps worms if they resulted from a lack of patching and so on.) The Microsoft report doesn't even discuss attacks that result from spam, spear phishing, intentional maliciousness, and misconfiguration mistakes.
Personally, I think I may have spent too much of my career focusing on external attacks. Rogue employees make the headlines from time to time, but not nearly as much as the external attacker. Maybe hacker or worm attacks are just too sensational sounding compared to a dishonest employee.
Now, I have a newfound respect for the significance of insider threats. If even the lowest figures are at 20 percent, it means we should have been focusing at least one-fifth of our career energies on defenses deployed to catch our coworkers and friends.
If you're interested in how to detect and prevent insider attacks, I'll be publishing a paper for on the subject soon, and I'll provide a link in my blog when it's available.
This story, "The true extent of insider security threats," was originally published at InfoWorld.com. Follow the latest developments in security and read more of Roger Grimes's Security Adviser blog at InfoWorld.com.