Data elements that businesses have collected for years and were regarded a simple tools to help get the job done, now have very specific value attached to them. In fact data records sell today on the black market for anywhere from $5 to $100 a record depending on their contents.

This is such a significant problem, that Governments all over the world have responded with Data protection regulations - all aimed at forcing businesses who are the custodians of the data that form electronic identities to adequately protect them.

What should be done to minimize the threats from internal attackers?

The first thing organizations have to do it to realize that this threat is no longer one than can be "swept under the carpet". The increase in the intrinsic value of data records can only ensure that the insider attack ratio will climb. Data needs to be locked away in the same way that most organizations will lock away office supplies.

The consequences of a data breach have also changed dramatically over the past couple of years.

Many current regulations now call for public notification of a data breach. And the stock market has reacted strongly to such notifications, which moves the risk of a data breach from a "local IT cleanup project", to something that will affect the overall value of the company.


This is no longer an IT issue, it's a business survival issue, as evidenced by the experience of CardSystems Solutions Inc who declared a data breach back in May of this year. After losing a number of its customers as a result of their lack of security, they are now in the process of being acquired by their rival CyberSource Corporation. For CardSystems Solutions Inc, this was literally a life and death issue.

All of which means a significant change in the traditional IT security strategies.

Up until now most IT security has been based on a "Moat and Castle" security strategy, or put simply; "Create a strong perimeter to separate the "trusted" environment (folks who belong to the organization), from the untrusted environment, (every one else), and secure against the untrusted environment."

The problem with this is that by definition insider attacks come from the inside... And so the security focus has to shift from the perimeter and beyond, to include securing inside the perimeter as well.

To do this, organizations start by identifying and establishing security policies specifically for inside the perimeter, including effective network segmentation that creates closed user groups, limiting what individuals are exposed or have access to.

Then you need to enhancing data security by protecting data-at-rest using authentication, and access control, as well as protecting data-in-motion with encryption - especially sensitive items like user names, passwords, and personal identity data.