Insider Attacks

					Overview of


                  Joe B. Taylor
                  CS 591
                  Fall 2008

       Thriving defense manufacturing firm
           System administrator angered
           His role diminished on the network he created
           Intimidates co-worker, obtains the only backup tapes
           Terminated for abusive treatment of co-workers
           Logic bomb deletes system
           $10 Million in damage to the company
           80 employees laid off

12/8/08                      Joe Taylor/Insider Attack         2
      What is an Insider Attack?

           Insider: person with legitimate access
           Attack: harm or damage
           Common goals
             Sabotage
             Theft of intellectual property
             Fraud

      Who are these Insiders?

           The typical attacker
             32 years old
             Male
             Former full-time employee
             System Administrator

      Why do they Attack?

           Revenge
             Termination
             Disputes with employers
             Demotions
             Dissatisfaction with salary or bonuses
           Greed
             Most not in financial need
             Outsiders persuade and pay for modifying data

      When do they Attack?

           After a negative work-related event
           After displaying concerning behavior at work
           After planning the attack
           After technical preparation

      How do we mitigate the risk?

           Awareness
             Train employees on the importance of security
             Train management on the warning signs
           Prevention
             Effective implementation of available protection
             Expectation setting and positive intervention
           Deterrence
             Feedback to insiders about insider misuse
             Publicize presence of capabilities to detect misuse

           Management and Education of the Risk of Insider Threat (MERIT): Mitigating the Risk of Sabotage to Employers’ Information, Systems, or Networks
           Common Sense Guide to Prevention and Detection of Insider Threats: Version 2.1
           Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors
           The "Big Picture" of Insider IT Sabotage Across U.S. Critical Infrastructures
           DoD Insider Threat Mitigation
