the disgruntled former employee who may seek revenge or the contractor who may soon be
working for a competitor. Regardless of the type of threat, the impact of an attack from the
insider vulnerability is very significant.




Impact of an Insider

An “insider attack” is a security breach caused by someone within the organization who has the
responsibility for providing security or building security for the organization. Examining insider
attack statistical data is an important step in determining the number one
vulnerability facing information technology (IT) managers.

The British Department of Trade and Industry published a survey that mentions that insider
misuse doubled in 2004 and that one-third of the respondents claimed that the worst security
incidents were caused by internal staff. The FBI and Computer Security Institute published a
report of the findings from cybersecurity professionals that indicate insider abuse accounted for
50% of malicious attacks and cost nearly $7 million. According to the Korean Small Business
Administration, 90% of technology and customer leakage and embezzlement are done by
company insiders. In more recent news, Edward Snowden, while working as a
contractor for Booz Allen Hamilton, copied up to 1.7 million top-secret and above documents
from the National Security Agency (NSA) and distributed up to 200,000 documents to the press;
this could possibly be the most damaging security breach in US history.

Most people would have thought that would have never happened. According to Michael
Hayden, Central Intelligence Agency Director (2006-2009), Snowden won the Sam Adams
Award for Integrity in Intelligence; he was also on the short list to be awarded the European
Parliament’s Sakharov Prize for Freedom of Thought (2014).

As a top-secret cleared systems administrator, Snowden was authorized to have access to
classified information. However, he also had access (unauthorized access) to three higher
levels of classified information - sensitive compartmented information, special access programs
and critical nuclear weapon design information. By modifying existing user accounts with these
higher clearances, he gave himself access to the most secret information.

Needless to say, this has had serious damaging effects throughout the world. Had the proper
safeguards been in place to neutralize this threat, the vulnerability of a technical insider would
not have been exploited. Guarding against this vulnerability is challenging, but it can be done.




Guarding Against Insiders

Each organization should develop a customized security plan to meet their goals and objectives
and satisfy their acceptable levels of risk and comfort. Some will need the maximum security
plan, others will require less.

57 Cyber Warnings E-Magazine – July 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
