Magazine article Risk Management

The Threat from Within: Data Security, Information Theft and Tech Fraud Can Hardly Even Be Considered New Kinds of Crime Anymore. but in a Troubled Economy, the Biggest Threat May Be the One Inside Your Own Organization

Magazine article Risk Management

The Threat from Within: Data Security, Information Theft and Tech Fraud Can Hardly Even Be Considered New Kinds of Crime Anymore. but in a Troubled Economy, the Biggest Threat May Be the One Inside Your Own Organization

Article excerpt

Massive layoffs have been making headlines for months. In fact, the steep annual drop in jobs last year marked the highest annual job-loss total since 1945, with a record rate of hemorrhaging at the end of 2008 bringing the year's total job losses to 2.6 million. And with the national unemployment rate reaching a staggering 8.9% in May, this trend shows no signs of slowing.

During these turbulent times, security analysts are warning companies to be even more on alert against potential insider threats. Not only are disgruntled employees more likely to lash out against their employers, but stressed employees also make easier targets for opportunistic rivals.

Even when employees are fired for legitimate reasons, they may become bitter and launch an internal attack. Last year in San Francisco, for example, Terry Childs, a computer network administrator for the city's department of technology, tampered with the network that contains the city's sensitive data and created an administrative password that illicitly gave him exclusive administrative access.

[ILLUSTRATION OMITTED]

Even independent of the current economic climate, attacks by company employees are now more common than attacks launched by outsiders and hackers. In fact, FBI statistics suggest that 70% of attacks in 2007 originated within organizations--and the number keeps growing by the year. Similarly, the threats continue to become more wide-ranging. Today, the types of attacks run the gamut from information theft to network shutdown, and almost no industries are immune. Financial institutions, retailers and technology companies remain the hardest hit, but hospitals, colleges and any other organizations with large inventories of private personal data are now frequent targets.

In a 2008 case, the FBI alleges that former Intel employee Biswahoman Pani of Worcester, Massachusetts copied an array of sensitive documents, including 13 top-secret company files containing design plans for future processor chips. In the complaint filed in a Boston district court, the FBI affidavit claimed that more than 100 pages of sensitive Intel documents, as well as 19 computer-designed drawings, were found during a search of Pani's house.

A survey polling CIOs and IT leaders that my company, Unity Solutions, recently conducted illustrates the macro trends. The findings revealed that 43% of respondents have experienced some type of fraud, theft or loss as a result of insider attacks, with 12% believing that their organizations have experienced substantial malevolent activity. On top of this, 22% believe that dissatisfied, under-recognized employees are most apt to commit some type of fraud or theft. And although nearly one-third believe that employees with a technical background pose the greatest threat, the truth is that these days, an employee needs little technological savvy to launch an insider attack.

To properly safeguard against this risk, organizations must design better security processes and bolster technological measures to protect their systems, data and customers. Currently, however, a slim 11% believe they consistently adhere to solid solutions and processes to combat insider threat.

Developing an adequate security policy is a relatively straightforward process, but is often overlooked or not taken seriously. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.