MSPAlliance – Monday, April 17, 2006 – Insider threats are the highest potential cost per occurrence to companies from compromised IT data. The reasons employees commit internal attacks range from the mostly harmless reason of the challenge and curiosity of breaching IT security to the malicious “disgruntled” employee out for revenge to the calculating insider stealing sensitive information for financial gain.
No matter what the reason, most internal attacks come from employees in positions of trust and physical access. The U.S. Secret Service and Carnegie Mellon University Software Engineering Institute’s CERT Coordination Center created a profile of the insider IT attacker in a 2005 study. According to the profile, attackers will be male and between the ages of 17 and 60, with racial and ethnic diversity. However, there is an 86 percent chance the attacker will be in a technical position.
The study also found that revenge was the motivator in 92 percent of insider attacks, and 64 percent of attacks were committed via remote access. Attackers had exhibited suspicious or disruptive behavior to colleagues or supervisors in the days before the attack 80 percent of the time. Most attacks required very little technical sophistication.
The most common damages from insider attacks are the sabotage of information systems, theft of information or assets, bad code, viruses and unauthorized installations. As most financial damage from insider attacks, about $348 billion of the $400 billion annual cost, is inflicted from “privileged users,” companies should log and audit user activity, while defending against remote attacks and malicious code. Most importantly, companies should be aware of the potential damages insider threats pose and implement IT security awareness company-wide.