Increasing? Now?
-
From CP newsletter Majority of companies not prepared for insider threats[^] "While 76 percent of organizations have detected increased insider threat activity over the past five years" "The survey data shows that 74 percent of cybersecurity professionals are most concerned with malicious insiders within their organization in 2024, which is an increase of nearly 25 percent when compared to 2019" About 15 years ago I was able to see a high priced report from a company that specialized in handling data breach problems within large companies. At that time it reported that people working inside of companies were responsible for 90% of the data theft problems that the company dealt with. I doubt there was some incredible decrease since then in internal theft. Thus no increase now. I even wonder if those that participated were in fact underestimating the threat that already exists. Amusingly enough, well in a certain way, I worked for a company where the CEO (and majority stock holder) had to make an emergency exit from the country as there was a felony arrest warrant issued due to how he was managing the company. Bet those security experts are not looking in that direction.
-
From CP newsletter Majority of companies not prepared for insider threats[^] "While 76 percent of organizations have detected increased insider threat activity over the past five years" "The survey data shows that 74 percent of cybersecurity professionals are most concerned with malicious insiders within their organization in 2024, which is an increase of nearly 25 percent when compared to 2019" About 15 years ago I was able to see a high priced report from a company that specialized in handling data breach problems within large companies. At that time it reported that people working inside of companies were responsible for 90% of the data theft problems that the company dealt with. I doubt there was some incredible decrease since then in internal theft. Thus no increase now. I even wonder if those that participated were in fact underestimating the threat that already exists. Amusingly enough, well in a certain way, I worked for a company where the CEO (and majority stock holder) had to make an emergency exit from the country as there was a felony arrest warrant issued due to how he was managing the company. Bet those security experts are not looking in that direction.
I agree that internal threats are probably greater. Looking outwardly is a low percentage proposition. Looking inwardly is a target-rich environment. But management doesn't want to hear that. I see a lot of ads about cyber security certification, and I expect that many of the students who get those aren't yet tuned into corporate politics. What the report might actually be indicating is an increase in new cyber security "experts" who haven't yet learned where not to look.
-
From CP newsletter Majority of companies not prepared for insider threats[^] "While 76 percent of organizations have detected increased insider threat activity over the past five years" "The survey data shows that 74 percent of cybersecurity professionals are most concerned with malicious insiders within their organization in 2024, which is an increase of nearly 25 percent when compared to 2019" About 15 years ago I was able to see a high priced report from a company that specialized in handling data breach problems within large companies. At that time it reported that people working inside of companies were responsible for 90% of the data theft problems that the company dealt with. I doubt there was some incredible decrease since then in internal theft. Thus no increase now. I even wonder if those that participated were in fact underestimating the threat that already exists. Amusingly enough, well in a certain way, I worked for a company where the CEO (and majority stock holder) had to make an emergency exit from the country as there was a felony arrest warrant issued due to how he was managing the company. Bet those security experts are not looking in that direction.
Yep, 17 years ago I was already installing a honey pot/logger for internal users trying to grab stuff they shouldn't from a web app serving technical drawings. Try having a Chinese subsidiary, you'll soon find out about internal data breaches!
So old that I did my first coding in octal via switches on a DEC PDP 8