Client Login
 Quick Contact
Insiders are more responsible for data loss in businesses than outside attacks.
Category : General 17 Dec 2010 02:19 AM | Industry News
Dietmar Kenzle, regional sales director for Germany, Austria, Switzerland and Eastern Europe at Imperva, said: “Employees within a company that have privileged rights are increasingly becoming the focus of IT security managers. The ability to directly access company databases is enough motivation to turn a regular employee into a potential criminal.
Kenzle added: "Concerns of a different kind are evident in the transfer of sensitive data to the cloud. Certainly there will be common problems in the foreseeable future as current research shows that many companies are still skeptical about this step. Many perceive the risks in having all their information stored in a virtual stratum to be too great as it still remains to be seen which security mechanisms will provide the most reliable protection. The use of a web application firewall - especially in a third-party managed service - is an essential building block made within a security framework for the cloud."
"More than anything, this highlights something we've been saying for some time, namely that with insider threats, IT managers are fighting a less visible, but not less difficult threat in addition to the well publicized external threats. Staff are precisely the people who have access to data that needs to be secured and carefully controlled," said Amichai Shulman, CTO of Imperva.
In addition, the survey shows that the insider threat is not always the potentially rogue employee for whom a background check has been completed - staff also need to be monitored during their employment as the information may not necessarily be ‘maliciously’ downloaded after the termination notice but rather information was rightfully obtained and collected by the employee over time and actually should have been removed upon termination by the IT team.
The problem with the insider threat in this case, the Imperva CTO says, is drawing the line between what is company intellectual property and what are your skills that you have established over the years. There should be a clear distinction between an employee’s claim regarding the ownership of certain knowledge and the ownership of any materialized form of that knowledge.