Sunday, September 15, 2013

Insider attacks: A recurring organizational risk

Most cyber crimes are preventable and most have the ability to severely damage or cripple an organization, in regards to leaks of sensitive information or data. While these attacks will always occur there are certain attacks that seem concern me more than the typical hacker who is out to either cause harm or for financial gain. These are the insider attacks that are occurring daily. Insider attacks occur when someone institutes a process from within an organization that is used to steal information or data from the organization. These attacks concern me more due to the fact that the individual in the
organization is the driving factor for the motivation for attack. Whether it is ideology, profit, anger, and so on these individuals all have different reasons and these reasons can be the deciding factor at any given time to damage those within an organization.

For example an article from Security Week reported yesterday, "Vodafone Germany said on Thursday that an attacker with insider knowledge had stolen the personal data of two million of its customers from a server located in Germany".(Lennon, 2013) This phone company had access to millions of people's personal data and someone who knew the organization inner structure stole this data and the motive is unknown or at least unreported. This attack was reported publicly yesterday but actually happened on September 5, 2013 and the organization conducted their own internal investigation. Right now no one knows the extent of the information stole or how much potential damage can be done such as identity theft, credit card details, or phishing scams. This seems to me to be a pretty viable threat. While it may not be physically threatening these insider cyber crimes have the potential to cause hardship to a lot of individuals.

Nick Cavalancia, vice-president of marketing at SpectorSoft, told SecurityWeek. "Anyone who looks closely at the record of damages caused by breaches will discover that insiders are not only a leading concern but also a leading problem." (Rashid, 2013) Insider threats pose a real risk that is just as dangerous to an organization as an external attack. There are organizations which pay to prevent external attacks and hacking of their systems but failed to focus on the insider threat because it is not rated as high in the reports put out annually. On average the reports by places such as the Verizon Risk Team reported insider attacks only at 14% of all the attacks that occur. This number may seem small but it is very prevalent in all organizations today, big or small.

While this threat continues to be a viable adversary in organizations, Wade Baker, principal author of Verizon's DBIR said it best for the vigilance needed to safeguard your information, "Understand your adversary—know their motives and methods, and prepare your defenses accordingly and always keep your guard up".

If you would like to know more, Read the following links:

 FBI. 2013. The Insider Threat: An introduction to detecting and deterring an insider spy. Retrieved from http://www.fbi.gov/about-us/investigate/counterintelligence/the-insider-threat

Lennon, M. 2013. Insider Steals Data of 2 Million Vodafone Germany Customers. Retrieved from http://www.infosecisland.com/blogview/23380-Insider-Steals-Data-of-2-Million-Vodafone-Germany-Customers.html

Rashid, F. 2013. Verizon 2013 DBIR: Financial Cybercime and Cyberespionage Dominate Threat Landscape. Retrieved from http://www.securityweek.com/verizon-2013-dbir-financial-cybercime-and-cyberespionage-dominate-threat-landscape

Reichenburg, N. 2013. Network Security - Inside Out or Outside In? Retrieved from http://www.securityweek.com/network-security-inside-out-or-outside

No comments:

Post a Comment