Enforced encryption, reporting and biometric technology are among the tools required for the modern IT manager’s arsenal

Businesses are seeing an increase in malicious insider activity, according to the 2010 Data Breach Report from Verizon Business released last week.

But it is not just insider threats that are a concern to businesses. External threats targeting cloud services are also increasing. For example, last month US-based telco AT&T’s servers were breached. This resulted in the leakage of 114,000 email addresses of government and military officials.

So how can CIOs mitigate such attacks?

Insider risk
First, it is important to understand why they are increasing. Paul Henry, forensic and security analyst at Lumension, a global IT security provider, said: “It is partly driven by the economy. In a good economy you only need to worry about bad people doing bad things. In a bad economy, some of the good people are driven the same way.”

Increased regulation
Last week information security professionals body the Information Systems Audit and Control Association said reporting data security breaches should be mandatory in quarterly and annual company reports. Many firms only become aware of data breaches when notified by a third party – regulation will help them prioritise maintenance of their security infrastructure.

Cloud computing
If a company uses cloud computing, much of the network infrastructure moves outside of its direct control. This brings its own risks, as Henry explained.