| Today's headlines are littered with news of identity
thieves, organized cyber criminals, corporate espionage,
nation-state threats and even terrorists. They represent the
next wave of security threats but still possess nowhere near
the devastating potential of the most insidious threat: the
insider. This is not the bored 16 year-old hacker. We are
talking about insiders like you and I, who are trusted
employees with access to information - consultants,
contractors, partners, visitors, vendors, and cleaning
crews. Anybody within an organization's building or networks
that possesses some level of trust. Some insiders are
malicious to begin with, joining organizations with
surreptitious motives from the onset. These malicious
insiders may work for competitors, organized crime groups,
activists, terrorist organizations or even foreign
governments. However, most insiders do not start with
malicious intent, but become disgruntled or are motivated by
financial gain. Other contributing factors can be fear,
excitement, politics or even general malice. Others simply
make mistakes, having no malicious motive, but their actions
nonetheless have serious consequences. The larger an
organization gets, the more likely it is to be concerned
with insider threats. In a 2005 IDC study, it was discovered
that about 40% of large organizations felt that the greatest
security risks stem from internal threats as opposed to
external attacks. Around 30% of respondents felt that the
threats were about equal. Because of these threats, not
taking steps to address insiders can ultimately yield
regulatory fines, legal fees, litigation penalties
associated with class actions, public relations fees, a
decrease in shareholder faith, expenses related to placating
customers and ultimately lost revenue. There is no security
panacea. There is no piece of software that one can install,
no box that can be plugged in, no policy that can be
written, and no guru who can be hired to make an
organization 100% secure. Insider threats are the hardest
threats to prevent, most difficult to detect, and most
politically-charged to mange. Security is a process that
requires vigilance and awareness. It is a merger of people,
processes, and technology. Finding the best combination of
these variables to mitigate risk helps achieve a strong
security posture. With vivid real-life cases, this book
addresses the most difficult to manage and costly of all
security threats: the insider.
|
Biting the hand that feeds IT 
Published by: SYNGRESS MEDIA