pixel_dreams - Fotolia

Is Australia's cyber security-focused government underestimating the insider threat?

Canberra is strengthening its cyber security response, but there is conflicting evidence about where the main threat is coming from

The latest in a series of public-private industry events has underlined the Australian government's commitment to bolster its national cyber security response – but produced seemingly contradictory evidence about the origin of those threats.

Attendees at an industry roundtable, hosted this month by Deloitte Australia and parliamentary secretary to the prime minister Christian Porter in the lead-up to the publication of a new government cyber security strategy later this year, were warned that 92% of cyber security breaches are perpetrated by outsiders.

Deloitte reported that 55% of these outsiders are organised criminals, 21% are state affiliated hackers, 2% activists and 1% former employees. Just 14% of breaches are perpetrated by insiders, the consulting firm noted, and three-quarters of breaches are caused by weak or stolen access credentials.

The roundtable, which focused on areas such as Australia's growing cyber security skills deficit, also highlighted the importance “for all employees, contractors and suppliers to be aware of how criminals are targeting them with their well-planned attacks, often triggered by ‘apparent insiders’ who are already lying in wait within the organisation”.

Australia's cyber security response has this year coalesced around the new Australian Cyber Security Centre (ACSC) and a revamp of federal security strategy that included prime minister Tony Abbott hosting the country's first cyber security summit in July.

At that summit, Porter said in a statement, “business leaders told us they wanted national leadership and a co-ordinated approach to address cyber security threats”. He said the roundtable marked the beginning “in earnest” of the alignment of government, business and research interests to “enable rapid response to issues”.

However, the 92% figure for outsider attacks contradicts industry research that suggests attacks by malicious insiders are a much bigger problem. In a LinkedIn survey of IT security professionals in June, for example, respondents blamed 59% of security issues on privileged internal users.

Read more about cyber security in Australia

Security research firm Ponemon Institute's IBM-backed 2015 Cost of Data Breach study found that just 43% of Australia's data breaches were the result of a malicious or criminal attack, while 57%  were caused by human error and system glitches.

Meanwhile, Verizon's widely cited 2015 Data Breach Investigations Report (DBIR) links just 18% of attacks to cyber espionage and 10.6% to insider and privilege misuse. The report said 11.4% of incidents were due to miscellaneous user errors and physical theft or loss.

The DBIR found strong variations between industries, with insider misuse dominating breaches in mining, administration and healthcare, while cyber espionage was significant in manufacturing, professional services and information industries.

Whichever numbers are correct, Australia's growing high-level focus on cyber security issues will see the government's cyber security strategy updated later this year to reflect the new threat climate. Yet, based on the numbers being floated around, it will be critical for the government to ensure its strategy does not gloss over the strong risk from malicious insiders as reported by on-the-ground security professionals.

Read more on Web application security