Majority of Security Incidents are from Extended Enterprise



Internal attacks pose the biggest threat to organizations around the world. Many companies will not provide details of an attack, since doing so would expose their lack of responsibility, quality of service and security principles. Companies like Equifax did their best to keep this kind of information from the public until it leaked. Every time a company releases the truth about its hacked network, whether the cause was an internal or external employee or just a bad hacker out there, it is telling its shareholders, investors, customers, suppliers, vendors and government regulators that "we are not good at what we do." This is the sad part of the discussion: many companies will not release information because of the public backlash against their image.

According to Clearswift, a UK cyber security firm and a division of RUAG Defence, incidents including insider (yes, 3 i’s) threats continue to rise. Clearswift research shows that threats from company employees, acting from within the company via the extended enterprise network, are the main problem point. Companies can currently detect suspicious actions much more efficiently than in prior years. This is by no means good enough: the fact of the matter is that it is still happening, and the intrusions are reaching much more valuable data.


Clearswift shows that the majority of security incidents are not caused by hackers. Clearswift has revealed that the extended enterprise, not hackers, is largely responsible for data insecurity.


Definition of Extended Enterprise: employees, suppliers, ex-employees, vendors, customers, etc.


Clearswift data research shows attacks from:

  • Insider threats from within the organization make up 42% of incidents (2015: 39%)
  • Extended enterprise attacks from parties known to the company make up 74%, vs. 26% from parties unknown to the enterprise
  • Enterprise attacks from unknown parties in 2015 were at 33% (the unknown-attack percentage is now lower, which seems odd given the number of recent attacks)


One example of an attack was WannaCry, which affected over 230,000 computers.

The Clearswift research seems to indicate that an attack is more likely to happen from within the enterprise, forcing companies to elevate their cyber security policies.


Dr. Guy Bunker, SVP Products at Clearswift, stated:

“As General Data Protection Regulation GDPR approaches, every department in a business will need to recognize the potential security dangers associated with the data they use. Businesses may fall victim to the frenzy around high profile attacks and organisations may be quick to look at threats outside the business but, in reality, the danger exists closer to home. The blurring lines between personal and work-based technologies has led to an unabated rise in the insider threat.”

“A reactive policy of blocking technologies may prove futile as users will inevitably find a work-around. Educating employees about how to safeguard critical information, motivating employees to care more about the ramifications of a breach, and increasing investment in Data Loss Prevention (DLP) tools are the biggest priorities needed to minimize the risk of internal security breaches.”

“Being a responsible data citizen will also require organisations to look at the way in which partners or suppliers hold and share information, as breaches within the extended enterprise could also lead to heavy fines for the originating business.”


It might seem that networks are breached daily, but that is not the case. Every hacker, company or country involved in a theft will plan, coordinate and execute. They will want to attack a network that will yield a reward. As we become more connected and put more of everything online, the same illegal thinking that goes into a bank heist will be going through the minds of the hackers, who will find and connect with the right person having access to the right data within a company, then plan and execute.


Information Technology, Infrastructure Security, Cloud & Virtual Architecture.

I am an Irvine, California native since 1978 and a California State University Fullerton (CSUF) Computer Science graduate. I have spent over 25 years in Southern California studying Information Technology, DevOps, Software Development, Network Architecture, Network and Cloud Security, AWS, Artificial Intelligence, Natural Language Processing and more.