The Enemy Within
In security it pays to revisit security truisms from time to time. In another forum I treated the “Defense in Depth” meme. Here I just want to mention that as criminals get tuned in to the Internet and the power of the ‘Net in general, they are using it in their fraudulent schemes.
There are two scenarios. The first is the motivated employee, not necessarily “disgruntled” but motivated. I blogged a few examples recently.
The other looming insider threat is infiltration. In this case your organization is targeted and the crime bosses either bribe or blackmail an existing employee to get what they want, or they get someone hired in as a mole. While “background checks!” is the first thing a consultant or auditor will shout when confronted with this scenario, I do not feel you should stop there. Activity monitoring is the solution. That, on top of access controls, will lessen your exposure to attack by infiltration.
Hear Brian’s comments on infiltration in this week’s IT-Harvest Threatcast.
Theme music for IT-Harvest ThreatCasts used with the permission of Hyperion Records