February 13, 2007
An Ounce of Prevention Against Insider Attacks
My last post on insider attacks mentioned the importance of knowing who you're hiring for that oh-so-important IT admin position. Here's a Dec 2006 Information Week article, The Case for Background Checks, essentially making the same point.
Roger Duronio was hired by UBS PaineWebber in 1999 without a background check, which would have uncovered a police record. Instead, Duronio ended up committing computer sabotage by releasing a logic bomb which crashed a couple thousand corporate servers and temporarily interrupted trading for thousands of brokers. The financial loss wasn't detailed in the article, but needless to say, the loss of trading business was far more than the cost of fixing the technical problem.
The lessons here are simple. When it comes to security, an ounce of prevention is worth a pound of cure. Background checks and character references matter. To the point I made in the last post, hire for technical expertise, but if you think integrity or character isn't important... think again. I bet UBS wishes they had.
Posted by andreyee in
Insider Attacks
February 08, 2007
Insider Attacks - Who's Behind the Curtain?
Insider attacks are typically more insidious than highly publicized worms. Who's behind these insider attacks? The simple answer is insiders, of course: disgruntled workers, untrusted contractors, etc.
A closer look might be a little more revealing, according to this ComputerWorld article. Based on a Carnegie Mellon study, it highlights a couple of interesting statistics. 86% of all attackers are IT workers, with a majority of those holding sys admin privileges. More than half of the attacks were committed by ex-employees regaining entry via old user names and passwords. Does the phrase "fox guarding the hen house" come to mind? You can read the full Carnegie Mellon study here. It offers practices, based on system dynamics, that will help detect and protect against these attacks.
In addition to the recommendations of the study, I'd suggest that these statistics can teach us a few things:
First, security policies regarding termination of employees should be defined, documented and practiced. Documentation is especially important for a small IT group. In the event that your sys admin is the one terminated, you need to be able to hand the policy off to someone else to execute.
Second, when it comes to security policies, checks and balances are good. We too often focus on technology and forget the security audit process.
Third, it matters who you hire, not simply what they can do. Hire for technical brilliance, for sure, but ignore character at your own risk. Especially when you're hiring for a position that has sys admin privileges and access to proprietary and privacy info, you cannot put too high a premium on integrity.
Finally, monitor for insider attacks. It's vitally important because insider attacks pose a greater risk with regard to corporate data and intellectual assets. I'm going to stay on this topic over the next couple of weeks because I think it's largely overlooked, so stay tuned.
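One way to check for the ex-employee re-entry and termination-policy gaps described above, as an added example that is not part of the original post: reconcile an HR termination list against the account directory and the authentication log. The employee IDs, account names, field names and log records are all constructed assumptions.

```python
from datetime import datetime

# Constructed sample data (hypothetical IDs, names and fields, not from a real system).
TERMINATIONS = {"E100": "2007-01-15T17:00:00", "E200": "2007-02-01T12:00:00"}
ACCOUNTS = [  # one person may own several accounts, e.g. a separate admin login
    {"user": "jdoe", "owner": "E100", "enabled": False},
    {"user": "jdoe-adm", "owner": "E100", "enabled": True},
    {"user": "asmith", "owner": "E200", "enabled": False},
    {"user": "bwong", "owner": "E300", "enabled": True},
]
LOGINS = [  # (timestamp, username as logged, outcome)
    ("2007-01-15T09:02:11", "jdoe", "success"),
    ("2007-01-20T23:41:07", "JDOE-ADM", "success"),
    ("2007-02-03T02:15:40", "asmith", "failure"),
    ("2007-02-04T08:00:00", "bwong", "success"),
]


def audit_offboarding(terminations, accounts, logins):
    """Return (stale_accounts, post_termination_logins).

    stale_accounts: accounts still enabled whose owner has been terminated.
    post_termination_logins: any login attempt, successful or not, made with
    a terminated person's account after their termination time.
    """
    cutoff = {emp: datetime.fromisoformat(ts) for emp, ts in terminations.items()}
    # Usernames are compared case-insensitively because logs often vary in case.
    owner_of = {a["user"].lower(): a["owner"] for a in accounts}
    stale = sorted(a["user"] for a in accounts
                   if a["enabled"] and a["owner"] in cutoff)
    hits = []
    for ts, user, outcome in logins:
        owner = owner_of.get(user.lower())  # None for accounts not in the directory
        if owner in cutoff and datetime.fromisoformat(ts) > cutoff[owner]:
            hits.append((ts, user.lower(), outcome))
    return stale, hits


if __name__ == "__main__":
    stale, hits = audit_offboarding(TERMINATIONS, ACCOUNTS, LOGINS)
    for user in stale:
        print(f"STILL ENABLED after termination: {user}")
    for ts, user, outcome in hits:
        print(f"LOGIN ATTEMPT after termination: {ts} {user} ({outcome})")
```

Failed attempts against disabled accounts are reported alongside successes, since both show a former employee trying old credentials.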
Posted by andreyee in
Insider Attacks