Welcome to NBlog, the NoticeBored blog

I may meander but I'm exploring, not lost

Dec 20, 2006

Insider threats info from CERT

A fascinating podcast by CERT's Dawn Capelli reveals a survey by CERT/SEI/US Secret Service/CSO survey of the insider threat. As well as the usual roll-call of scary statistics (27% of security incidents are caused by insiders; 55% of the organizations surveyed had experienced deliberate insider malicious activities; 57% of IT sabotage attacks are committed by former employees), mentions several interesting incidents and threats such as employees deliberately stealing proprietary software and other information over a long period or just prior to moving to a new job, downloading logic bombs and framing their supervisors, creating backdoor accounts or modifying privileged scripts or planting long-fuse logic bombs while they still have privileged systems access.

To back-up the podcast, there is a wealth of information on the insider threat on CERT's website. This is evidently a focus area for CERT and (on a professional note) it is gratifying to find that employee security awareness is recognized as an important control - specifically, Dawn mentioned use of 'whistleblower hotlines', policies and so forth to encourage/facilitate employees shopping their peers. Snitching may create its own ethical dilemmas but, speaking as one who has occasionally benefited from information provided in confidence by 'snouts' aggrieved at the liberties taken by their colleagues, it is a sadly underappreciated form of control.

Account management and review processes and change/configuration change management practices are also emphasized. The podcast highlights the amount of trust placed in privileged IT insiders.

More security awareness links