Upsetting the conventional wisdom, a new study says outside threats to computer networks are more frequent than insider threats.
Verizon's 2008 Data Breach Investigations Report, which looked at 500 breach incidents over the last four years, contradicts the growing orthodoxy that insiders, rather than external agents, represent the most serious threat to network security at most organizations.
Seventy-three percent of all data breaches researched were attributed to outside threats. Insider threats accounted for only 18 percent of attacks, while business partners and multiple parties were blamed for 39 and 30 percent of all breaches, respectively.
Security analyst and blogger Bruce Schneier argues that this shouldn't be all that surprising: "There are a lot more outsider attacks, simply because there are orders of magnitude more outsider attackers."
Nevertheless, insider threats were the most costly of the various breaches. The report says external security breaches generally compromise a median of 30,000 records, while an insider security breach results in data loss affecting a median of 375,000 records. The severity of partner breaches came in the middle, accounting for a median of 187,500 records compromised.
"This supports the principle that privileged parties are able to do more damage to the organization than outsiders," says the report.
Most of the time, human error, such as not patching known vulnerabilities, aids cybercriminals' activities. Hacking and malcode were cybercriminals' most popular method of attack, according to the report.
Verizon recommends that an organization ensure essential controls are in place, monitor event logs, and find, track, and assess data to better secure its network.
"Accomplishing these goals," says the report, "will make it much more likely that attackers will pass over your organization in favor of more lowhanging fruit."