Insider Attacks

					Overview of

INSIDER ATTACKS

                  Joe B. Taylor
                  CS 591
                  Fall 2008
     Introduction

       Thriving defense manufacturing firm
           System administrator angered
           His role diminished with network he created
           Intimidates co-worker, obtains only backup tapes
           Terminated for abusive treatment of co-workers
           Logic bomb deletes system
           $10 Million in damage to the company
           80 employees laid off



12/8/08                      Joe Taylor/Insider Attack         2
      What is an Insider Attack?


           Insider: person with legitimate access
           Attack: harm or damage
           Common goals
             Sabotage
             Theft of intellectual property
             Fraud




      Who are these Insiders?


           The typical attacker
             32 years old
             Male
             Former full-time employee
             System Administrator




      Why do they Attack?

           Revenge
             Termination
             Disputes with employers
             Demotions
             Dissatisfaction with salary or bonuses
           Greed
             Most not in financial need
             Outsiders persuade and pay for modifying data



      When do they Attack?


           After a negative work-related event
           After displaying concerning behavior at work
           After planning the attack
           After technical preparation




      How do we mitigate the risk?

           Awareness
             Train employees on the importance of security
             Train management on the warning signs
           Prevention
             Effective implementation of available protection
             Expectation setting and positive intervention
           Deterrence
             Feedback to insiders about insider misuse
             Publicize presence of capabilities to detect misuse
