Insider Threat Prediction Materializing

As we approach the end of the year, I'm looking to see if my Predictions for 2008 are materializing. My third prediction was:

Expect increased awareness of external threats and less emphasis on insider threats.

Accordingly, I was happy to see the story Targeted Attacks, DNS Issues Hit Home in New CSI Report contain the following subtitle:

Insider abuse shows marked drop-off in 13th annual survey by Computer Security Institute

Ho ho, what does that mean?

While some threats are on the increase, CSI also found that others are on the downturn. Insider abuse dropped from 59 percent in 2007 to 44 percent in 2008, the largest shift recorded in this year's survey.

"I think there was a lot of hype around this last year, and now it's coming back to reality," Richardson says. Insider abuse numbers hovered at around 42 percent to 48 percent in 2005 and 2006 and then spiked last year, he noted. (emphasis added)

I noted the annual CSI study supported my position on the prevalence of the insider threat in relation to other threats in my 2006 post 2006 CSI-FBI Study Confirms Insider Threat Post. Now, of course you can dispute the methodology of the CSI study, but even if it's only directionally correct it still supports my prediction.

After all the stories about attacks from a certain large far eastern country (documented in my "v China posts), widespread reporting on named botnets (remember when malware was named, not botnets?), and very public stories on attacking core infrastructure (DNS, BGP, now TCP), it's nice to see CSI-FBI respondents at least realize they're far more likely to be victimized by one of these forces largely outside their control.

I've discussed Incorrect Insider Threat Perceptions before, specifically that the insider threat is the one threat you can really control. Unless you're a police or military organization, you can't do anything about external threats. Anyone with firing power can do something about internal threats.