Overview of Insider Attacks
Joe B. Taylor
CS 591 Fall 2008

Introduction
• Thriving defense manufacturing firm
• System administrator angered
• His role diminished with network he created
• Intimidates co-worker, obtains only backup tapes
• Terminated for abusive treatment of co-workers
• Logic bomb deletes system
• $10 Million in damage to the company
• 80 employees laid off
Joe Taylor/Insider Attack

What is an Insider Attack?
• Insider: person with legitimate access
• Attack: harm or damage
• Common goals
  • Sabotage
  • Theft of intellectual property
  • Fraud

Who are these Insiders?
• The typical attacker
  • 32 years old
  • Male
  • Former full-time employee
  • System Administrator

Why do they Attack?
• Revenge
  • Termination
  • Disputes with employers
  • Demotions
  • Dissatisfaction with salary or bonuses
• Greed
  • Most not in financial need
  • Outsiders persuade and pay for modifying data

When do they Attack?
• After a negative work-related event
• After displaying concerning behavior at work
• After planning the attack
• After technical preparation

How do we mitigate the risk?
• Awareness
  • Train employees on the importance of security
  • Train management on the warning signs
• Prevention
  • Effective implementation of available protection
  • Expectation setting and positive intervention
• Deterrence
  • Feedback to insiders about insider misuse
  • Publicize presence of capabilities to detect misuse