Insider leaks have beat out viruses as the most reported security risk by companies and government, reports TechWorld.com.
The annual Computer Crime and Security Survey for 2007 [by the Computer Security Institute] surveyed 494 security personnel from U.S. corporations and government agencies, finding that insider incidents were cited by 59 percent of respondents, while only 52 percent said they had encountered a conventional virus in the previous year.
Both insider and virus incidents have been falling since a high in the year 2000, but this is the first time insider incidents have been more reported than viruses. The CSI defines such incidents in a very general way, covering abuses such as leaking or stealing company information, using pirated software, or accessing pornography.
Although viruses still occupy the second most reported risk, theft of laptops and mobile devices is trailing closely behind.
The article notes that CSI warns readers to be circumpsect about taking the survey's findings too literally though.
The CSI steers away from drawing hard conclusions from the survey figures, noting more than once that security vendors have a vested interest in promoting their own particular area of business, including insider threats, as the most pressing one for companies to protect themselves against. This makes it hard to judge the seriousness -- as opposed to the incidence -- of specific threats.
However, at The Security Standard conference last week in Chicago, insider leaks were also fingered as a dangerous security threat to businesses, according to PC World.
And while companies like to talk tough, declaring they'll stop insider leaks, Nick Selby, senior analyst and director of The 451 Group, said that's a fantasy—a determined and talented professional can beat any anti-data leak tool on the market today.
Instead, companies "should concentrate on mistake avoidance and compliance," he said, considering 98 percent of all leaks are due to "stupidity or accident."