February 10, 2008   Sign In |  About ebizQ |  Contact Us |  Join ebizQ Gold Club
Andre Yee
Andre Yee's Security Insider
 An open dialogue about security and compliance for the enterprise.

« Attack on SuperBowl Site | Main | An Ounce of Prevention Against Insider Attacks »

February 08, 2007
Insider Attacks - Who's Behind the Curtain?

Insider attacks are typically more insidious than highly publicized worms. Who's behind these insider attacks? The simple answer is insiders, of course...disgruntled workers, untrusted contractors, etc...

A closer look might be a little more revealing according to this ComputerWorld article. Based on a Carnegie Mellon study, it highlights a couple of interesting statistics. 86% of all attackers are IT workers, with a majority of those holding sys admin privileges. More than half were committed by ex employees regaining entry via old user names and passwords. Does the phrase "fox guarding the hen house" come to mind? You can read the full Carnegie Mellon study here. It offers practices that will help detect and protect against these attacks based on system dynamics.

In addition to the recommendations of the study, I'd suggest that these statistics can teach us a few things -

First, security policies regarding termination of employees should be defined, documented and practiced. Documentation is important especially for a small IT group. In the event, your sys admin is the one terminated, you need to be able to hand it off to someone to execute on the policy.

Second, when it comes to security policies, checks and balances are good. We too often focus on technology and forget the security audit process.

Third, it matters who you hire, not simply what they can do. Hire for technical brilliance, for sure but ignore character at your own risk. Especially when you're hiring for a position that has sys admin privileges and access to proprietary and privacy info, you cannot put too high a premium on integrity.

Finally, monitor for insider attacks. It's vitally important because insider attacks pose a greater risk with regard to corporate data and intellectual assets. I'm going to stay on this topic over the next couple of weeks because I think it's largely overlooked so stay tuned.

Posted by andreyee in Insider Attacks |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/1309

Comments Post a comment




Remember Me?

(you may use HTML tags for style)

We ask that you type your code (displayed below) in the text box.This code is an image that cannot be read by a machine. It prevents automated programs from submitting comments.


Code:



Most Recent ebizQ Blog Entries
ADVERTISEMENT
RSS Subscription

Recent Posts
Categories
Archives
Blog Roll
This Work
Accountability:The opinions expressed in this blog are solely representative of the blog's author, and not of ebizQ
Subscribe to our Newsletters
ebizQ Weekly Gold Club Update
Live Webinar Updates
Updates from ebizQ Partners
ebizQ SOA Update
ebizQ BPM Update
ebizQ Security Update
ebizQ BI Update
ebizQ Open Source Software Update
Virtual Show Newsletter
Your E-mail Address:
BAM: The Killer App for CEP
Date: Feb 12, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND
Event Processing Market Pulse
Date: Feb 14, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND
Archived Webinars | Upcoming Webinars

Marketing Solutions | Feedback | About ebizQ | Unsubscribe | Privacy Policy | Site Map