Monday, February 23, 2009

Insider threats, now with numbers!

I find myself in a difficult place tonight. The Ponemon institute has released a study based on a web based survey finding that 59% of fired/laid-off employees steal data on their way out the door. For the most part, I always prefer to use numbers to back up the claims that I will make to management. So rather than say that some unknown percentage of our fired/laid-off workers will steal company data on the way out, I would prefer to say 59% of them will. On the other hand, I don't have the greatest amount of faith in the Ponemon institute right now.

You may recall from a couple weeks ago that Ponemon brought us the news that credit card breaches cost an average of $202 per record, and of that $139 was from lost customers. I explained my rationale for questioning that number, and it was also beat up a bit on the Security Metrics mailing list.

Unfortunately I can't find the actual study itself. I used all the usual Google tricks, but it doesn't seem to be on the web site and this article doesn't have a link to follow. So for now, we have no way of analyzing the report for systemic bias. As always, I recommend that you take this with a grain of salt and see how much of it applies to your organization before you enshrine it in the gospel of your information security plans.

No comments: