least resistance for people to get their jobs done to also be a path that protects sensitive
data.



Malicious Insiders

Malicious insiders are employees who intentionally set out to harm the organization either by
stealing data or damaging systems. In most cases, malicious insiders were once happy
employees – cases of malicious attacks on computer systems by employees often result
from a breakdown in the relationship between the employee and the company, which can
happen for a variety of different reasons.

Research by the CERT Insider Threat Center at Carnegie Mellon University into
hundreds of real-world cases of attack by malicious insiders has shown that most incidents
fit into one of three categories:

IT Sabotage - Someone destroys data or systems on the network

Fraud - Someone is stealing confidential data from the network for financial gain

Theft of Intellectual Property - Someone is stealing intellectual property for competitive
advantage or business gain

The motivations that turn insiders against their organizations are diverse, and can include:

Job/Career Dissatisfaction

When someone is extremely dissatisfied with their current work or career situation, they may
attempt to harm their employer by destroying or stealing data.

Monetary Gain

When exposed to valuable data that could make them money on the black market, some
employees will be unable to resist the temptation to steal and sell it.

Espionage

Both nations and corporations have been known to plant insiders within organizations for the
sole purpose of stealing trade secrets and intellectual property for espionage.

Activism

Activists are associated with a particular ideological movement, and can use the theft and
exposure of confidential data to bring attention to their cause.

Good access controls can help prevent damage done by malicious insiders. Checks and
balances are also extremely important here, especially where financial data is
concerned. It is critical to have multiple people keeping an eye on sensitive transactions so that no
one person can single-handedly circumvent company policy.

Cases of insider malice are often identified and investigated through the use of logs. It is
important to collect logs from endpoint systems and network devices. Different kinds of logs

9 Cyber Warnings E-Magazine – July 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
