namelesstavern.net

[ClakarEQ]

This is for the IT folks here, of which I am one, however I've had a hard time finding "good" information on what I'm trying to do.

Here is some history and then I'll cut to the chase.

I work for a global company out of the UK. The division I work for is the second biggest, roughly 18k globally (including hourly folks). The biggest has something like 45k globally. There are several other divisions, in total 7 of us.

We have technical working party (TWP) meetings every quarter in attempts to develop divisional standards and governance for all divsions to follow. The process is a government of it own.

TWP develop directions that are supplied to the ISSG (ISSG is the CIO's and CFO of each division)

The leader of our TWP's is an IT guy that works for the largest division, makes sense in that scope.

This guy has a real hang up on security though, to such extremes that when placed on a scale, security outweighs functionality. Security overload comes to mind.

Cut to the chase.

I'm looking to the Tikkers and Lyions, etc of here to help me locate some good "hard" numbers on data theft and what percentage of data theft is internal, external, hacking, ID theft, social engineering, etc (I'm using ID theft out of context, I know)

To break it down some
Internal - employee just steals data and supplies it to externals, cleaning crew plants a hidden wifi WAP on the LAN, etc
External - super hacker breaks in via FW and steals data
ID Theft - Stolen cell phone with user id info, post it notes on laptops, "over the shoulder" password theft, etc
Social Engineering - "Listen here help desk, I AM the CIO now you reset my password NOW"
etc

I'm of the mindset that most data theft occurs from the inside. My personal experience confirm this but that doesn't it make it true. I have yet to work for any company where data theft occured by a hacker breaking in thru FW's and stealing data.

There is an unsolidified percentage that is always debateable called the 80/20 rule. 80% of theft occurs from internals, 20% from the rest. You can see and/or use this 80/20 rule in a lot of different ways but this is one of them.

There are some that would say it is now 50/50. The leader of the TWP appears to think it is 20/80 (20 internal, 80 the rest).

What do you IT guys have to say about this? Just looking for some good info, google and other resources I have don't offer anything "hard" but perhaps my google skillz are lacking.

/long winded off

[Lyion]

Unfortunately this is a subject I'm not too knowledgeable about.

I'd say from my personal experience, 90% of data theft is an inside job. This goes back to when it was much easier to hack into systems. Today, it's much tougher and there are safeguards in place, so even if you get in, you can't do much. Social Engineering gets a lot of airtime, but I think it's less of an issue than anything.

I've worked for IT Departments that have so much security they interfere with productivity. Generally, the biggest problems are idiots who leave laptops with spreadsheets full of corporate data.

I'd search google news for Boeing Laptop. There should be a ton of articles from people about Boeings screwups recently, with some reporters doing fact finding.

[Arlos]

You're going to have a hard time coming up with that data. No company out there is going to voluntarily release information on the fact that its security was compromised, and especially not on how it was done. The sole exception to this is if customer information (such as credit card #s, Social Security numbers, etc.) was exposed, in which case they are required by law to publicly notify of the breach.

But some company has a hacker that gets in and steals proprietary information, or if they have a janitor stealing unshredded trash from the CEO, they're not ever going to announce that, even internally.

As for my opinion of security, I have always felt that networks (etc) should have as much security as possible such that it doesn't interfere materially with the productivity of the users. I've seen networks with so many layers of security, that people could hardly get any work done, the network was so slow, because of all of that overhead. That, to me, is silliness. Still, paranoia about security is a good thing overall, just don't get TOO paranoid.

-Arlos

[Bodin]

Internal - employee just steals data and supplies it to externals,

Take count of users with (admin access) to their machines/laptops. No matter what level of the org they are they should not have access to install software.

had a recent issues here where mobile VPs "had" to be admins on their XP laptops. Guy not only made backups up our data from network drives but then shredded his work he had done for a year on his machine and deleted it from the network.

(Yes we had backups but dont ever underestimate a pissed off employee with semi rights ont the network)

PS, Boeing is a good case to look at. I have a fam member up in Boeing....they lose a shit load of laptops it is a huge issue.

A citrix enviroment without access to copy things locally can fix MANY issues. That is what I have now done with my firm.

Sales staff gets sales shit, the rest of them have to work inside an virtual env no pardons.