CA security report highlights insider threat

Locking down sensitive data is more important than ever

The latest State of Internet Security report from CA has warned that employees will represent the biggest threat to enterprise security in the coming year.

The report said that businesses face an increasingly large and complex array of security issues, the worst of which may be irresponsible or malicious behaviour by workers.

Cyber criminals will begin targeting employees in earnest during 2009, getting at them through social networking sites with a view to recruiting them as "moles".

"Rather than write variants of malware, they will hire 'moles' to pinpoint weaknesses within businesses, and use employees (or former employees) willing to siphon data for a profit," the report said, adding that this is easier than rewriting malware code as security systems become more sophisticated.

"Businesses are at threat from all angles. Not only are they susceptible to external and internal scams, data losses and theft, they are at risk every time their employees use search engines, email and social networking sites at work," said Joseph Souren, vice president for CA's Internet Security Business unit.

"Businesses that fall victim to cyber crime face costs associated with repairing systems hit by attacks and in lost productivity from disruptions."

CA highlighted two types of attack that will be the most popular. The first is the "internal threat" related to staff. CA said that, while the misuse and loss of data is a constant threat, it has been heightened by the poor economic conditions.

The second is referred to as a "quiet attack" that is not initially obvious. CA explained that hackers were previously driven by gaining kudos for the most successful attacks, but that the trend now is to become "invisible" and to stay under the radar.

CA also said that data protection and ID access controls will become more prevalent in 2010 as companies struggle to protect sensitive information, and that there will be an increased need for security on mobile devices and in the cloud.