I'm fortunate to live in Seattle, where I have access to many professional security organizations. One organization is the Cloud Security Alliance, which holds a meeting each month where security professionals gather to learn about new technology and threats. Last month, the speaker was one of the authors of Verizon's 2014 Data Breach Investigations Report. Each year, Verizon analyzes more data as an increasing number of organizations provide data from their breach experiences. As was expected, there was a lot of data from breaches and incidents from external sources-that is, from sources not originating from within the organization breached. While that data was the topic of several interesting discussions, a different topic-centered around the internal threat (breaches and incidents originating from within the organization)-also provoked some interesting discussions. This month's newsletter focuses on the internal threat and what the data does-and doesn't-show. Here's what I learned.

One can make the assumption that the insider threat is less of an issue than the external threat. And it's an obvious assumption given that the breaches and incidents documented as external are far greater than those documented as internal. But as our speaker pointed out, organizations are under no obligation to report insider breaches or incidents as long as they don't fall under breach notification laws or violate a state or federal law. Here's an example: It's doubtful that any organization would ever report that someone who had excessive authorities was able to accidentally upload a modified spreadsheet and change a production database file, making it unavailable until the database was restored. Yet that classifies as an incident. Therefore, it goes without saying that the number of internal breaches and incidents is significantly higher than what is reported in the survey. The question no one can answer is: how much higher? Regardless, the insider threat should not be ignored.

So let's dive a little deeper.