I just had a chance to talk to Brian Contos, Chief Security Officer of Arcsight about the insider threat. Brian is the author of a book to be published shortly titled” Enemy at the Water Cooler – True Stories of Insider Threats and Countermeasures” which you have to admit is a great title.
In security it pays to revisit security truisms from time to time. In another forum I treated the “Defense in Depth” meme. Here I just want to mention that as criminals get tuned in to the Internet and the power of the ‘Net in general they are using it in their fraudulent schemes.
There are two scenarios. The first is the motivated employee, not necessarily “disgruntled” but motivated. I blogged a few examples recently.
The other looming insider threat is infiltration. In this case your organization is targeted and the crime bosses either bribe or blackmail an existing employee to get what they want, or they get someone hired in as a mole. While “back ground checks!” is the first thing a consultant or auditor will shout when confronted with this scenario I do not feel you should stop there. Activity monitoring is the solution. That on top of access controls will lesson your exposure to attack by infiltration.
Hear Brian’s comments on infiltration in this week’s IT-Harvest Threatcast.IT-Harvest ThreatCasts used with the permission of Hyperion Records