'Insider' government data breaches soaring
By Emily Chung, CBC News
Posted: Nov 15, 2011 2:50 PM ET
Last Updated: Nov 15, 2011 3:57 PM ET
The study was presented Tuesday in Toronto by, left to right, Northgate CEO Michel Juneau-Katsuya, Rafael Etges of Telus Security Solutions and Walid Hejazi, professor of business economics at the University of Toronto's Rotman School of Management. (Emily Chung/CBC)
Related
Related Links
External Links
(Note:CBC does not endorse and is not responsible for the content of external links.)
The proportion of "insider" internet security breaches caused by employees are rising quickly within Canadian government departments and agencies, a new study shows.
Insider breaches in the government sector grew by 28 per cent between 2010 and 2011 and are up 68 per cent since 2008, the fourth annual Telus-Rotman joint study on Canadian IT security practices reported Tuesday. They now make up 42 per cent of breaches reported by government organizations, compared to 27 per cent of breaches at public corporations and 16 per cent at private businesses.
"This is quite alarming," said Rafael Etges, director for security and risk consulting services at Telus Security Solutions, who co-authored the report with Neil Begin, program director at Telus Security Labs and Walid Hejazi, professor of business economics at the University of Toronto's Rotman School of Management.
That alarm shouldn't be necessarily eased by the fact that the number of breaches per government organization have declined slightly in the past year, Etges said, because it points to weaknesses in the government's approach to IT security.
Insider breaches include both malicious and accidental incidents, such as laptop or mobile devices losses and unauthorized access to networks or data by employees.
In fact, the latter type are reported at a much higher rate by government organizations than public and private companies, the study found:
- Laptop or mobile device thefts were reported by 34 per cent of government organizations surveyed in the study compared to 19 per cent of private companies and 25 per cent of public companies.
- Unauthorized access of information by employees was reported by 24 per cent of government organizations, compared to 11 per cent of private companies and 19 per cent of publicly traded companies.
The study relied on a survey of more than 600 Canadian IT professionals at government organizations, private companies and publicly traded companies. It noted that in the private sector and overall, the percentage of breaches caused by insiders is declining – down to 22 per cent in 2011 from 25 per cent in 2010.
When asked why there is such a difference in trends between the business and government sectors, Etges proposed a number of reasons.
Laptop or mobile device thefts were reported by 34 per cent of government organizations surveyed in the study compared to 19 per cent of private companies and 25 per cent of public companies. iStockFor one thing, government organizations rely more heavily on technology for its IT security and less on education and awareness training than businesses do, he said.
The fact that governments often block employee access to certain services such as social networking sites may also play a role, he acknowledged.
Blocking Facebook results in breaches
The study found that blocking social networking sites leads to more security breaches as employees try to circumvent the company's security.
Etges also noted that the government is an "obvious target" for people seeking unauthorized access to data.
Michel Juneau Katsuya, a former CSIS agent and manager who now advises governments and businesses on IT security, said 85 to 90 per cent of current spy cases involve an employee who was granted access to certain information. In an interview following the release of the report, he added that while it may be possible to use technical means to gain unauthorized access to certain data, "the vast majority of the time, they will get access through a person."
The key to preventing that is education and awareness training, said Juneau-Katsuya, CEO of the Northgate Group, an Ottawa-based security intelligence and research firm.
"It's not difficult," he added, noting that most employees want to do the right thing — they simply need to know the risks and how to prevent them.
"Unfortunately, the government is doing a really, really poor job in raising the awareness," he said.
He blamed a culture of secrecy that he says has long been part of both the current and previous governments.
"This secrecy is not helping us at all. We need more transparency."
Share Tools
Top News Headlines
- Canadian Pacific strikers face back-to-work legislation
- Labour Minister Lisa Raitt is prepared to end the Canadian Pacific Railway strike if necessary, after both CP and the union rejected a proposal for voluntary arbitration by the government-appointed negotiator on Sunday. Raitt says she is "extremely disappointed." more »
- Syrian regime denies role in Houla massacre
- The UN Security Council condemned the Syrian regime at an emergency meeting Sunday, holding president Bashar al-Assad's military responsible for the massacre of more than 100 people, dozens of whom were children younger than 10 years old. more »
- Ryder Hesjedal wins prestigious Giro d'Italia
- Victoria native Ryder Hesjedal has become the first Canadian to win one of the cycling world's three Grand Tour events, wrapping up the 2012 Giro d'Italia with an excellent performance in the final stage in Milan. more »
- Neighbour may have helped find missing kids in Mexico
- Two Winnipeg children who had been missing for nearly four years were found in Mexico after a man raised concerns about his neighbour, according to a private investigator. more »
Latest Technology & Science News Headlines
- South Africa, Australia to share world's largest telescope
- South Africa and Australia will jointly host the Square Kilometre Array, which promises to be the world's largest telescope, the international consortium in charge of the project said Friday. more »
- Bonavista, N.L., 'coyote' was really wolf, tests confirm
- Wolves have not been seen in Newfoundland since around 1930 and were believed to have been hunted to extinction on the island, but genetic tests have confirmed that an 82-pound animal shot on the Bonavista Peninsula in March was, in fact, a wolf. more »
- Once-rare argus butterfly thriving thanks to climate change
- Global warming is threatening the existence of many species, such as the giant polar bear, but in the case of Britain's brown argus butterfly, it took a species in trouble and made it thrive. more »
- Yahoo scraps digital magazine designed for iPad
- Yahoo has killed Livestand, a tablet magazine, just six months after its debut on the iPad. more »
Bob McDonald's Blog
Government to shut down unique fresh water research area May. 25, 2012 12:31 PM The Experimental Lakes Area research facility in Northern Ontario is being closed down after 44 years of providing invaluable data to scientists in Canada and internationally, a decision that has stunned researchers and environmental groups.
Quirks & Quarks
- May 26: Before the Lights Go Out May. 25, 2012 4:15 PM A new book, "Before the Lights Go Out: Conquering the Energy Crisis Before It Conquers Us", suggests that the unpredictable, unplanned, ad-hoc way our energy use developed in the past will shape our energy future.
Latest Features
- Seniors float above Montreal's Quartier Latin
- Accused in blast that killed Alberta mom handled her funds
- Remains found in bag on Cape Breton river ID'd
- Neighbour may have helped find missing kids in Mexico
- Quebec students and province to resume talks
- Lip-dub marriage proposal an internet hit
- Syrian regime denies role in Houla massacre
- B.C. NDP calls for unity in fighting coast guard closure
- Canadian Pacific strikers face back-to-work legislation
