Ranked in descending order
1. Independent hackers
2. Disgruntled employees
3. U.S. competitors
4. Foreign corporations
5. Foreign governments
Source: 2001 Computer Security Institute/FBI Computer Crime and Security Survey
The threat: Employees and former employees who try to hack into company computer systems.
The 2001 Computer Crime and Security Survey - conducted annually by the Computer Security Institute () and the FBI - says disgruntled and dishonest employees are responsible for most attacks on IT systems. Independent hackers came in second place.
Employees were identified as the greatest security threat by 35 percent of respondents in a separate study conducted by consulting firm KPMG LLP (). Hackers followed at 34 percent. But that study specifically concerned the auto industry.
Security experts say layoffs this year by automakers and suppliers only make the threat more real. The last time the industry was in a downturn - in the early 1990s - few people outside of government or academia had access to the Internet.
In the past, there was an implied level of trust among automakers, suppliers and employees when it came to network connections, said Jose Granado, a partner at Ernst & Young's () security and technology solutions office in Detroit.
That no longer exists, he said.
"Everybody's worst nightmare with hacking is a little different," said Fred Rica, a partner in PricewaterhouseCoopers' () threat and vulnerability assessment practice in Florham Park, N.J. "Or maybe it's when your database gets disclosed and your customer's credit information is revealed."
Rica leads a team of specialists who simulate hacker attacks to show clients where their systems have vulnerabilities.
"Our clients' first reaction, when we tell them that we got something, is that they get very defensive and don't believe we did it - especially the system guys who take a lot of pride in what they do," Rica said.
But David Miller, information security officer at the Covisint automotive industry exchange, said employees could be helpful in enhancing network security.
"I have seen that people are much more willing now to take security seriously by changing their passwords and creating good passwords that are uncrackable," Miller said. "Security is only 49 percent technology. Fifty-one percent of it is the internal users."