Insider Threats Stephen Helms Jen Hugg Matt McNealy
“The Insider” A trusted member of the organization 60% to 70% of attacks came from the insider roughly twice the number of attacks come from the inside vs. the outside
Examples Acxiom Corp ChoicePoint Wachovia Corp. and Bank of America City of San Francisco
Insider Threat Study Secret Service National Threat Assessment Center (NTAC) Carnegie Mellon University Computer Emergency Response Team (CERT) Nature of Insider Attacks Usual Suspects Motivations
ITS Findings Former employees who held technical positions Motivated by revenge Unsophisticated methods Attacks occurred outside of normal working hours Remote Access
ITS Recommendations Restrict remote access Restrict system administrator access Collect information for all remote logins Monitor failed remote logins
Role of the Auditor Educated and Aware Employees Password sharing Entrance Barriers Sensitive information Employee Attitude
Securing Against Insider Attacks Software Testing Attack Simulations Training