The Security Breach
Your network today is likely to be compromised or suffer the loss of proprietary informationnot by outside hackers, crackers, or damaging code, but by people within your own organization. Malicious actions on the part of insiders within your organization can have very serious consequences. According to the Computer Security Institute, the FBI, and Ernst & Young, security breaches such as electronic sabotage, equipment theft, pilfering of corporate resources, and access abuses represent 50% of all network attacks from the inside, often from unhappy workers. In fact, in a survey conducted by the International Computer Security Association (ICSA), at least half of all respondents had experienced insider security breaches related to unauthorized installation of computing tools, misuse of company resources, and abuse of access controls.
So who is the potential culprit? Although all employees of your organization pose a potential threat to network security, your primary focus should be those who have the knowledge of and access to your network, and, most importantly, who can do the most damage to it. And those people are your information technology specialists. In other words, those who design, maintain, or manage your critical information systems. Whether they're full-time, part-time, or temporary contractors, IT specialists hold the keys to your network security. A well-placed MIS insider can quickly find the critical points in your network. The MIS insider can also gain root access to your network through his or her existing user account, and no one would be the wiser.
Adding fuel to the fire is a NetVersant survey indicating that 82% of MIS personnel reported spotty or no compliance with their company's network security policies. In addition, 85% said a properly implemented firewall would still be at risk from disgruntled employees and 75% say their network firewall is at risk from garden-variety employee incompetence.