As more personal and health information is migrating to cloud services, a

gatekeeper company needs to ensure total reliability and security. What does your
company plan to do to ensure this?

Statistics:

In the period from 2006 to 2007, over 1.5 million

names were exposed during data breaches that
occurred in hospital alone.

(Internal Threats)

According to Forresters research, insiders take

the cake as the top source of breaches in the last
12 months, with 36 percent of breaches stemming
from inadvertent misuse of data by employees.
(Grant, H., 2013)
http://www.csoonline.com/article/2134056/networksecurity/report-indicates-insider-threats-leadingcause-of-data-breaches-in-last-12-months.html

Company tend to focus on external threats from

hackers and malware. In fact, more than half of all
security incidents (58%) can be attributed to the
wider insider family: employees (33%), exemployees (7%), and customers, partners and
suppliers (18%). (Infosecurity Magazine, 3 May
2013)

Forrester found:

36 percent of breaches stem from inadvertent

misuse of data by employees.

42 percent received training on how to remain

secure at work, which means 58 percent haven't
had training at all.

57 percent say theyre not even aware of their

organizations current security policies.

25 percent say a breach occurred because of

abuse by a malicious insider.
http://www.huffingtonpost.com/robert-siciliano/databreaches-how-to-prot_b_5357354.html
Kind of internal threats:

Any violations of internet network security rules

and procedures which can lead to data theft.
Unauthorized searches or viewing, modification or
destruction of confidential data.
Theft of devices
Printing important documents
Unauthorized installation of Wifi network
connections.

Major
leak:

damage

from

data

Clients lost
Founders and investors will be displeased
Licenses could be lost of confidential data

Data Portability:
1. Ability to transition to another cloud vendor or back to healthcare organisation without
disrupting operations.
2. Traditional IT- physical control of systems, services and data. If the provider were to
suspend its services, the healthcare organization may suddenly be unable to service
its patients.

Damage extreme weather

o Flood- the most severe type of disaster experienced in Malaysia.
o In 1996, floods brought by Tropical storm Greg in Keningau, Sabah, claimed
241 lives, caused more than USD 97.8 million damage to infrastructure and
property.
o In 2007, floods in Johor caused 18 deaths and USD 489 million in damage.
o Floods in Kedah and Perlis killed 4 people, destroyed an estimated 45000
hectares of rice fields with the government pledging USD 8.476 million
o From http://www.eria.org/Chapter_14.pdf

 How much internet threats that happen in Malaysia? (Stealing of Information by

employees)
EY Malaysia partner, IT risk and assurance, Jason Yuen said
3. Globally 67% of organizations are facing rising threats in their information security
risk environment
4. The top three threats:
5. 1. Stealing financial information
28 %
6. 2. Disrupting or defacing the organiation
25%
7. 3. Stealing intellectual property or data
20%

(Avanti Kumar, 2014)

http://www.mis-asia.com/tech/security/many-organisations-still-fall-short-on-cyber-securityey-malaysia-study/

Clearswift had commissioned Loudhouse to identify the extent to which internal security
threats are affecting UK organizations and, in turn, how these are being managed. The
result shows an anomaly: while company and media discussion and company spend is
focused on external threats from hackers and malware, more than half of all security
incidents
(58%) can be attributed to the wider insider family:
employees (33%),
ex-employees (7%)
customers, partners or suppliers (18%).
3 May 2013 Info Security News
http://www.infosecurity-magazine.com/news/58-information-security-incidents-attributed-to/

Knowles, 1996 June noted in CIO magazine that computer security problem involve
someone inside the corporation about 90%