When it comes to threats to the integrity of core business operations and computer systems, most business owners and managers tend to focus the larger part of their attentions on those threats that come from without, like malicious hackers, economic spies and such. External focus isn’t necessarily the only perspective. Threats to your enterprise can also come from within, and hackers don’t necessarily care about your business size.
Not all company employees and contractors are above stealing secrets that they can then can sell or put to nefarious use. Indeed, one of the earliest cases of computer crime occurred during the years 1970 to 1972, long before the advent of the World Wide Web.
Albert, the likable, trustworthy, night shift computer operator of the National Farmers Union Service Corporation of Denver, turned out to be Albert, the Saboteur. After 56 consecutive hardware failures, all happening at night, company executives installed cameras to watch Albert on his shifts. It wasn’t long before he was caught in the act. When asked his reason for causing such significant damage, it turned out that Albert was simply lonely, arriving when others left, leaving when others arrived. The computer repair crew summoned each night after his nightly act of sabotage was a welcome sight.
Human experience has proven, time and time again, that the greatest dangers to our security, in fact, come from within, from those in our immediate circle. Once you think about it, this makes perfect sense; these people know the company and its inner workings the best. They also know what and where the company’s biggest weaknesses are.
Who’s Keeping Track?
Since 2002, a group called the Insider Threat Study team, a branch of the CERT (Computer Emergency Response Team), a division of the Software Institute at Carnegie Mellon University, has worked with the Secret Service to “identify, assess and manage” potential dangers to data and critical systems as well as the other major vulnerabilities. They concentrate their studies on employees who overstep the bounds of their authorized access to the IT systems of the companies they work for, in a way that negatively affects their security and threatens their missions.
What Companies are Most Vulnerable?
Insider Threat Study has found that four types of companies are most likely to be the targets of insider threats: banks and other financial institutions, critical infrastructure companies, information technology and telecommunications companies, and government agencies. They have published works on each of these types from 2005 to 2012.
How Insider Threats are Typically Handled
For the most part, fully 85 percent of all insider intrusions have been handled internally, with legal action being taken in only 8.5 percent of these cases. Businesses have resorted to contacting law enforcement or filing a civil action in only 12 or 3 percent, respectively. The most common reason management has chosen to deal with the problem from an internal standpoint is that they could not identify the perpetrator, while others kept quiet for lack of enough evidence to prosecute. In either case, it belies one to think that the real reason companies are reluctant to speak out about network incursions is their embarrassment for not maintaining adequate security efforts. Additionally the process of reporting crime becomes public record, and significant exposure of proprietary company operations could result.
The Threat Landscape
Despite what we’ve said in the introduction, the latest statistics indicate that only 28 percent of all electronic crime events are known, or at least suspected to have been caused by insiders. The other 72 percent come from external sources. Of those that were most costly or damaging to the organization, however, the percentage of insider sources surges upwards of 46%, a trend that should be of concern to every business owner.