
As much as we talk about securing your systems, having someone in-house go rogue like this is a MUCH higher risk to your data than having someone break in. Internal unrest (or stupidity) will probably bite you harder than crackers will.

While this definitely used to be the case (we used to find ~80% of incidents were internal employee issues), for the past four or five years we've seen that ratio change (not so much because the internal issues went down, but more because of the rise of external activity).

The reality is that organizations have to be able to deal with both internal and external threats, and a lot of the effort on that front has been around reclassifying access to no longer consider insiders as trusted (an argument could be made that they never should have been trusted to begin with).

I'm not surprised to hear that the percentage of external activity is going up. Do you have a good handle on what the average ratio is nowadays?

Good numbers industry-wide are difficult to come by (but getting better), but the latest DBIR (which, full disclosure, is put out by my former employer) breaks it down as 98% external and 4% internal (why that adds up to greater than 100% is a mystery to me).

