However, our users would never do such a thing!
Risks also come from within!
Many breaches occur as a result of compromised user accounts. Risks can spread like wildfire in the dynamic traditional, virtualized and cloud environments that organizations use today. A single authorized account that is wrongly or too widely used can cause irreparable damage to an organization.
What Is Meant by “Insider Threat”?
CERT’s definition of a malicious insider is:
A current or former employee, contractor, or business partner who:
- has or had authorized access to an organization’s network, system, or data and
- intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization’s information or information systems
Insiders have a significant advantage over others who might want to harm an organization. Insiders can bypass physical and technical security measures designed to prevent unauthorized access. Mechanisms such as firewalls and intrusion detection systems are implemented primarily to defend against external threats. However, not only are insiders aware of the policies, procedures, and technology used in their organizations, but they are often also aware of their vulnerabilities, such as loosely enforced policies and procedures or exploitable technical flaws in networks or systems.
Who are the offenders?
The typical fraudsters who operate from within are not who you think they are:
• Well-trained workers with medium- and long-term contracts
• Managers / supervisors
• Employed in accounting, finance, sales, production …
The fraud is not detected until it has been going on for several years
It involves a single perpetrator, e.g. Edward Snowden
• The culprit is probably a “Trusted Employee”
• Your security must therefore defend effectively against a single malicious user.