Data Exposures – the Enemy Within
In January 2013, more than 100 IT professionals who use SAP software and are involved in security and control activities were polled by Turnkey Consulting, a specialist GRC and IT security company. One of the findings, which I have seen substantiated in several Ponemon Institute reports, is that internal security exposures are quite high. In this article, the survey responses indicated that 36% of the organizations had experienced an internal security exposure. According to Ponemon, the stakes are even higher and attribute 70% of organizational breaches to a mistake or malicious intent by an organization’s own staff.
Even if we agree to compromise on a number, the possibility of a security attack from within is rather frightening. Why is this so? I would like to think it is simply due to end user error as opposed to malicious intent. This poses even more challenges for those responsible for digital security. What is deemed confidential will vary within the organization and can change. The possibilities for exposures and potential portability of confidential information are endless.
The survey did not delve into what was exposed, but 36% actually did have an internal exposure. How do you handle unstructured and semi-structured content as it is ingested and created constantly? Do you address this to ensure everything is properly secured? Do you identify and quantify the risk? I am looking forward to your insight.