The art of designing Castles in Medieval times was a skilled and complex task- Many Castles had Towers, Barbican entrances, Moats, fearsome entrances with machicolations (murder holes,) arrow/crossbow slits, portcullises, and walls to strike fear into the bravest attacker.
Dover Castle, Krak des Chevalier in Syria, Corfe Castle, Edinburgh Castle and Nottingham Castle were of this ilk-so why did they all fall? Unfortunately -a common theme- treachery from the inside. People betraying their organisations, their families, their friends and colleagues for some ‘higher’ reason- gold, advancement, principled stand- but with the same result- ruination for the insiders of the castles.
The same theme is unfortunately still prevalent today. Replace Castle with corporation or organisation and the war still goes on. Figures vary- but an aggregation of publically available data show that between 58-72% of all data breaches are caused by either the employees or partner/ex-employee cohort. From the organisation’s perspective they saw 87% of inadvertent human error, 82% of lack of security understanding and 82% of introduction of viruses through BYOD as the major internal Security concerns.
Today it is unusual to find that a security breach is a simple breach. It may be a failure of a policy, an individual trying to help colleagues, a technology failure, or a disgruntled ex-employee exploiting lax security, or a combination of many factors.
There is a worrying trend which despite all the answers given in surveys seems to be a major disconnect in the security thinking. People have forgotten the castle metaphor and despite the statistics to the contrary, 69% of companies report that external threats are their main Security preoccupation, compliance and safeguarding the customers’ trust information scoring above guarding against the insider threat. The finance sector, fighting against external and compliance issues scores highly in looking to protect itself from the outside.
At the NUT conference this year it was reported that over half the teachers informally polled admitted taking confidential school work home, or sending to free personal mail servers to collect and work on at home.
The rise in partnering and the need to share information has blurred lines of who is inside and who is outside an organisation- and who should be able to see information and who should not.