Biggest security threats are from inside: survey

Strategic Counsel survey finds external attacks decreasing, biggest threat comes from within.

The 1979 film "When a Stranger Calls" portrayed the terror-filled night of a young woman fielding prank and increasingly threatening calls that climaxed when the police determined "the calls are coming from inside the house." Today IT security executives experience a similar chill down their spine when they realize the biggest threat they face comes from internal security attacks and data breaches.

A recent survey conducted by The Strategic Counsel and commissioned by management and security software vendor CA showed that a majority of CIOs, CSOs, CTOs and other senior IT security executives consider security threats from within an organization a bigger threat to business than external attacks. The results revealed that 44% of respondents identified internal breaches as a key security challenge over the past 12 months, compared with 42% in 2006 and 15% in 2003. More than 34% of organizations reported a loss of confidential information as a result of security attacks and breaches, an increase from 22% in the same survey conducted in 2006.

External attacks are decreasing in numbers. According to the report, virus attacks decreased from 68% to 59% in the past 12 months, network attacks went down from 50% to 40% and denial-of-service attacks declined from 40% to 26%.

"The security breaches identified by IT security executives as most concerning are those coming from inside the company," says Lina Liberti, vice president of CA Security Management. "The external threats still exist, but IT security executives feel more confident that they can be quickly addressed, stopped or controlled to some degree. They identified internal security breaches and attacks as those with the biggest severity of consequences."

Internal breaches strike fear in the heart of IT security executives because of the company image blow and customer confidence issues that accompany an attack and that could expose confidential customer data and require public disclosure. Business costs associated with an internal breach include loss of productivity for 61% of survey respondents (up from 52% in 2006). Loss of trust and confidence on the part of the customer also increased to 35% in 2008 from 30% in 2006. And embarrassment on the part of the company suffering the breach grew to 33% this year from 28% in 2006.

"The implications are now tied squarely to dollars and reputation," Liberti says.

Senior IT executives have reason to worry, CA says, because the research also showed that an average of 8% of Americans feel "very confident" in the ability of U.S. retailers, government and banks to protect their personal data. Nearly 80% of the consumer group cited loss of trust and confidence, damage to reputation and reduced customer satisfaction as consequences of security and privacy breaches suffered by the businesses and government agencies with which they deal.

"It makes sense that customer confidence is not high because now more than ever consumers know more about computing, the Internet and the public breaches that companies have experienced," Liberti explains.

Consumers also feel companies could do more to protect their data. According to the survey data, 72% don't think retailers spend enough budget dollars on online security and privacy. Nearly 70% felt the same way about government agencies and 58% said major financial institutions could do more to protect customers. About one-third of senior IT executives polled agree, saying the investment their company makes in security is inadequate.

"Consumers aren't confident transacting online, and security teams know the threat is ever-changing and that their jobs are never done," Liberti says. "Security executives know they need to continue to spend in this area to help raise consumer confidence."

For the consumer portion of the study, a total of 400 telephone surveys were conducted among a random sample of the U.S. general population aged 18 to 65.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Denise Dubie

Network World
Show Comments

Cool Tech

Crucial Ballistix Elite 32GB Kit (4 x 8GB) DDR4-3000 UDIMM

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar® JumpDrive® S57 USB 3.0 flash drive 

Learn more >

Stocking Stuffer

Plox Star Wars Death Star Levitating Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?