Last week was fairly slow as far as all things security are concerned. There wasn't anything terribly exciting to happen, which always scares me a bit as I see it as the calm before the storm.
Internal Abuse Overtakes Viruses as Security Threat
I suspect these two threats go hand in hand to a certain degree, but this is terribly interesting. It begs the question why have the virus numbers gone down faster than the "Internal Abuse" numbers?
It's quite possible that the operating systems have become more robust, the users are better educated, antivirus software is starting to work better. Perhaps more companies are now running antivirus software. It's also very possible that the respondents to the report are starting to ignore the virus problem and just consider it a cost of doing business.
Internal attacks have always been a far larger issue than outside threats in an organization. A lot of people like to ignore this fact and focus on attacks coming in from the outside. It's easy to sensationalize some
hackers trying to steal your bank account numbers. Catching Bob from accounting looking at executive pay isn't very exciting. I can understand why so many groups focus on the external. There is also the issue of keeping your employees happy and not making them feel like they work in a bad rendition of 1984.
Sometimes it works to compare a computer security idea to the tangible world. Nobody thinks twice about locking the server room door. Why should anyone take offense to not having access to an area of the network they don't need? A bit like the old saying that locks are really only there to keep the honest people honest.
