1 / 8

Insider Attacks

Overview of. Insider Attacks. Joe B. Taylor CS 591 Fall 2008. Introduction. Thriving defense manufacturing firm System administrator angered His role diminished with network he created Intimidates co-worker, obtains only backup tapes Terminated for abusive treatment of co-workers

lyris
Download Presentation

Insider Attacks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Overview of Insider Attacks Joe B. Taylor CS 591 Fall 2008

  2. Introduction • Thriving defense manufacturing firm • System administrator angered • His role diminished with network he created • Intimidates co-worker, obtains only backup tapes • Terminated for abusive treatment of co-workers • Logic bomb deletes system • $10 Million in damage to the company • 80 employees laid off Joe Taylor/Insider Attack

  3. What is an Insider Attack? • Insider: person with legitimate access • Attack: harm or damage • Common goals • Sabotage • Theft of intellectual property • Fraud Joe Taylor/Insider Attack

  4. Who are these Insiders? • The typical attacker • 32 years old • Male • Former full-time employee • System Administrator Joe Taylor/Insider Attack

  5. Why do they Attack? • Revenge • Termination • Disputes with employers • Demotions • Dissatisfaction with salary or bonuses • Greed • Most not in financial need • Outsiders persuade and pay for modifying data Joe Taylor/Insider Attack

  6. When do they Attack? • After a negative work-related event • After displaying concerning behavior at work • After planning the attack • After technical preparation Joe Taylor/Insider Attack

  7. How do we mitigate the risk? • Awareness • Train employees on the importance of security • Train management on the warning signs • Prevention • Effective implementation of available protection • Expectation setting and positive intervention • Deterrence • Feedback to insiders about insider misuse • Publicize presence of capabilities to detect misuse Joe Taylor/Insider Attack

  8. References • Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers’ Information, Systems, or Networks • Common Sense Guide to Prevention and Detection of Insider Threats: Version 2.1 • Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors • The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures • DoD Insider Threat Mitigation Joe Taylor/Insider Attack

More Related