Internal vs. External Security Threats
February 10th, 2008 | Drazen Drazic | Posted in Bad Stuff, Dumb Security, Risk Management, Vulnerability Management, cyber crime, governance
It’s always stated that the majority of potential threats to an organisation are “internal” threats. (Check out most surveys, polls, etc. They all state the same thing.) Unfortunately, in many cases these internal threats don’t get the same attention or recognition as the threats posed by bad guys on the Internet.
I’ve lost track of the number of times a critical weakness has been brushed aside because it’s supposedly on the safe side of the network and not accessible to the bad guys. (Is it really? … Oh, it must be, there’s a firewall on our perimeter that keeps us secure.) If internal threats, as we are told, present the biggest risk to organisations, why is this the case?

February 15th, 2008 at 1:42 pm
What you’re really asking is, why are humans comfortable with accepting higher levels of internal risks than they are of external risks?
Perception is reality. Just ask Brucey Schneier. He’s been harping on about it for ages. And we all know he’s right.
Why are humans shit-scared of shark attacks when statistically we’re far more likely to die of a bee sting?
Why are many humans petrified of aircraft flight when, statistically, motor vehicles are far more dangerous? Last year, for instance, a mere 965 fatalities were attributed to aircraft flight, and that’s world-wide, millions of kms flown. Pretty good odds.
Humans really are a strange species.