Your Employees May Be Causing That Data Drip, Drip, Drip You're Hearing
Four times out of five, when a company or organization suffers a data leak, it's not the work of an outside hacker. Instead, it's the work of an employee, either on purpose or due to a mistake, according to a recent study. What's more, over half the time, breaches are discovered by accident, rather than by audits or employees owning up to errors.
Mar 12, 2012 5:00 AM PT
Nearly 80 percent of organizations have experienced a data breach in the last two years due to employee negligence or maliciousness.
A surprising discovery by the researchers was how most breaches are discovered, according to Jon Clay of TrendMicro.
"Fifty-six percent found out about a breach by accident," he told TechNewsWorld. "Thirty-seven percent were found out by an audit or assessment."
"Only 19 percent of the breaches were reported by employees -- probably because they're afraid they'll be fired for losing something or not doing something right," he added.
The top three root causes for breaches, the study found, are employees' loss of a laptop or other mobile data-bearing devices, third-party mishaps or flubs, and system glitches.
"Despite growing concerns about cyber crime, only 8 percent report an external attack as the primary root cause of a data breach experienced by their organizations," the researchers wrote.
Hackers Need to Regroup After Raid
After flipping the leader of LulzSec, an offshoot of the hacker collective Anonymous, the FBI last week arrested five of his fellow hackers in raids that extended to the United Kingdom and Ireland. The leader, Hector Xavier Monsegur, 28, also known as "Sabu," was arrested last June in New York City. Since that time, according to authorities, he has been working undercover for the federal law enforcement agency.
During a 50-day rampage last year, LulzSec wreaked havoc on the websites of HBGary, Sony Pictures, Fox, the FBI's InfraGard network and PBS, in addition to government systems in Algeria, Yemen and Tunisia.
Following the arrests, Anonymous vandalized the websites of Panda, an antivirus software maker in Spain, and a New York City police supplier, as well as posting to the Web some out-of-date code for Symantec's Norton antivirus program.
The tepid response to the arrests could be a sign that Anonymous is in disarray. The raids will have an impact on how Anonymous operates, according to Jeffrey Carr, CEO of Taia Global and author of Inside Cyber Warfare: Mapping the Cyber Underworld.
"Trust has essentially evaporated in that group," he told TechNewsWorld.
"They'll have to install some type of trust mechanism because they don't know how deep the FBI's informants list runs," he added.
"That's going to slow down their activities, but it surely won't stop them," he said. "Anonymous will continue to cause problems."
Sony Finances Anonymous
Less than a year ago, entertainment giant Sony was the target of a series of hacker attacks that exposed on the Internet personal information for some 77 million of its customers. Sony blamed the hacker collective Anonymous for the breach. So it's unlikely that the company was happy to learn last week that it was indirectly subsidizing a legal fund established to defend members of the Guy Fawkes cult.
For its US$50 million marketing campaign to promote its new Vita portable gaming system, Sony reportedly bought the rights to a song by Atari Teenage Riot. Sony is just using the music from the song for the campaign, but had it listened to the track's lyrics it might have realized where the band's sympathies lay. The lyrics are sprinkled with references to Anonymous.
Alex Empire, a member of the band, explained in the group's blog that the licensing fees paid by Sony for the song would be funneled to the Anonymous Solidarity Network, also known as "FreeAnons."
- March 2: In protest of the ACTA agreement, hackers breached a film website in Panama and posted nearly 1,200 user names and password hashes to the Internet.
- March 2: The Ministry of Finance for Trinidad was breached and more than 50 email addresses and phone numbers posted to the Internet.
- March 4: Hackers reportedly breached Sony Music computers and stole 50,000 music files, most recorded by late pop star Michael Jackson.
- March 7: Twitter suspended the account of LindenLeaks, an individual who posted on the service the names, grades, majors, phone numbers and email addresses of 180 students suspended last fall from Lindenwood University in Missouri.
- March 7: McGill University shut down a website exposing information about donors to the school, including how much they'd given in the past, how much the university wanted them to give now, their home addresses, personal phone numbers and connection to the university.
- March 13: Advancing the Intelligence Community: Harnessing the Power of Cloud Computing. 7:30 a.m.-9:30 a.m. National Press Club, Washington, D.C. Sponsored by Intelligence and National Security Alliance.
- March 19: Safe Harbor Conference, Washington, D.C. Sponsored by European Union.