Internal Negligence is Biggest Cause of Data Breaches
Current research studies conducted in the U.S. and Europe indicate that the majority of data breach incidents involve negligence on the part of company employees. This negligence may involve either accidental or purposely malicious compromise of customer data records.
The results of a 2009 study conducted by the Ponemon Institute (an independent information management and privacy research firm) included these facts:
- 75% of organizations in the U.S. and Europe have experienced data breaches.
- More than 88% of all data breach cases are caused by insider negligence.
- Data breach incidents in the U.S. cost companies an average of $202 per compromised data record. Since 2005, this cost has risen by 40%.
- The biggest impact on companies that report data breaches to customers is abnormal churn (or customer turnover).
"The findings of this benchmark study suggest U.S. companies that have a loss or theft of personal information requiring notification do incur significant direct and indirect expenses. The most negative cost impact results from the diminishment of confidence and trust in the company, which translates into abnormal or unexpected customer turnover."
Dr. Larry Ponemon, Ponemon Institute Founder and Chairman
The Internal Threat to Enterprise Security
- The Gartner Group states that 75% of attacks on Web application data come through the application layer rather than the infrastructure.
- Cyber attacks on the application layer and application data breaches are rising at an alarming rate. According to the National Institute of Standards & Technology (NST), at least 92% of existing vulnerabilities are in application software.
- According to NTA Monitor's 2009 Annual Security Report, the average number of Internet security vulnerabilities rises on an annual basis. Out of tested organizations, 27% have one or more high-risk vulnerabilities.
"Enterprises should not experience a false sense of security simply because their mission-critical applications run on mainframes. Yet, they are often defenseless against insiders equipped with in-depth knowledge of the applications' logic and security policies - those using legitimate means to exploit the system. Most attacks on legacies come from inside the enterprises, committed by their own employees ...Applications should be protected from the inside out."
Joseph Feiman, Gartner Research, September 29 2006
Implementing Security for Mainframe Legacy Applications - Worth the Investment
Working from the Inside Out to Secure Enterprise Data
Web applications are become increasingly important to enterprises with an online presence. In addition to interfacing with customers, Web applications are being used for internal applications in the areas of HR, CRM and ERP. Many businesses are providing access to internal data through internal portal applications. Secure company information is stored, transmitted and accessed through a variety of Web applications.
In the past, enterprise security has relied on technology like VPNs and firewalls to prevent information tampering and theft. Unfortunately, internal negligence and attacks bypass most of the traditional enterprise defenses. Web applications must provide the first line of defense against both negligent and malicious data breaches. According to NTA Monitor, more than 70 million records are exposed each year to cyber-attack.
- Enterprise Web applications at the highest risk include email, intranet, collaborative tools, file servers, warehouse management, ERP (Enterprise Resource Planning) and HR (Human Resources).
- Protecting enterprise data beings with securing Web applications access and transmit sensitive data records.
Maximize ROI by Securing Enterprise Data
The SSM Website Scanner works to diagnose and monitor Web applications providing critical insight into the security for a variety of internal enterprise applications. Both internal vulnerabilities and external attack points are identified and monitored by SSM. Suspicious website properties and applications are automatically detected and reported. Alert notifications are also automatic.
SSM Website Security Scanner is designed to meet the requirements of enterprise Web application security.
- Low total cost of ownership
- Works on virtually all types of Web applications
- Nothing to install or Manage