IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Trend Shows Alarming Rise in Internal Security Threats in the Past Year

"Despite millions of dollars invested in security technology and millions more in personnel costs, we did not find a single company that had a completely clean bill of health from a risk and security perspective."

"Despite millions of dollars invested in security technology and millions more in personnel costs, we did not find a single company that had a completely clean bill of health from a risk and security perspective."

Security audits of more than 100,000 corporate endpoints were recently conducted by Promisec. These audits were conducted in the first six months of 2008 in enterprises of different sizes and revealed that not even one organization was completely clean from internal threats, and the minimum number of threats found was three.

In today's world, more and more customer data is being found on servers, desktops and laptops which contain critical information that can promote a company's growth or destroy it in an instant. Furthermore, the risk extends beyond the private sector to the public sector and anyone in their homes receiving services from one of these infrastructure entities.

The audits were done across a number of industries, including finance, healthcare, insurance, manufacturing, etc. and found that:

  • Use of unauthorized removable storage continues to rise in
    organizations.
  • The number of endpoints that do not apply threat management
    agents or are not updated with the latest build or signatures continues
    to rise.
  • Instances of unauthorized instant messaging continue to increase in all
    organizations.
The company discovered that 12 percent of infected computers had a missing or disabled anti-virus program, 10.7 percent had unauthorized personal storage like USB sticks or external hard drives, 9.1 percent had unauthorized peer-to-peer (P2P) applications installed, 8.5 percent had a missing 3rd party desktop agent, 2.6 percent had unprotected shared folders, 2.2 percent had unauthorized remote control software, and 2 percent had missing Microsoft service packs.

One of the most alarming findings of the audit was how rapidly these internal security threats have increased over the past year. Compared to a similar study conducted in 2007, results showed that in the first half of 2008, the percentage of infected computers with unauthorized remote control software had increased by more than 200-fold, those without a working anti-virus program had increased 12-fold, and the number with unauthorized storage had increased by 10-fold. Other threats had increased by anywhere from two to eight times as many when compared to the previous year.

"Despite millions of dollars invested in security technology and millions more in personnel costs, we did not find a single company that had a completely clean bill of health from a risk and security perspective," said Alan Komet, vice president of Promisec. "Internal threats are the biggest risk area to a company's security, and the threats we found are ones that are easily remediated. However, the lack of visibility into the endpoints and servers within an enterprise makes it difficult for IT administrators to fix the problems."

Promisec regularly conducts comprehensive security audits at potential customer sites to identify the prime threats to internal network security, originating at endpoints enterprise-wide. The audit takes less than an hour after implementation of Promisec Spectator, installed on a single enterprise workstation and can scan each endpoint in under four seconds. The software's ability to perform discovery and provide reporting across all corporate networks produces a detailed synopsis of processes, devices and other activities on the network which may be outside of corporate policy, revealing the current state of internal network security.