Data breaches more likely to come from within

There has long been a view, perpetuated in part by Hollywood’s ridiculous portrayal of hackers, that the biggest threat to corporate IT systems comes from highly skilled, motivated computer experts bent on breaking into any protected network they can find.

It is easy to see why the danger of hack attack is once again front of mind for IT managers. We were still reeling from some of the biggest data breaches in corporate history when, in April, hackers minced Sony’s IT security and waltzed off with the passwords and account details of 100 million or so of its customers. The Sony breaches follow several similar high-profile data losses suffered by online service suppliers, including Play.com and Lush.

Despite these high-profile attacks and the Hollywood hype, hackers are not the biggest threat facing corporate IT security systems. That has, and always will, come from the enemy within. The fact is, companies are far more likely to suffer at the hands of their own malicious or incompetent staff.

An interesting case in point came up in April this year when a US Food and Drug Administration chemist was charged with insider trading. The individual, who had access to confidential drug approval data, began buying shares in companies that developed approved drugs before news of the approvals went public. The motive was clear: it is estimated the chemist trousered $3.6m (£2.2m).

Remember the recent leaking of sensitive US government documents to WikiLeaks? The list of documents is in the hundreds of thousands, with more than 76,900 documents about the conflict in Afghanistan, followed by a tranche of almost 400,000 documents about Iraq. We would hope the world’s superpower would have started to get its data house in order, but no. At the end of last year, WikiLeaks began releasing sensitive US State Department diplomatic cables before thrusting the knife into Washington in April, with the publication of some 800 secret documents relating to Guantanamo Bay prisoners.