Saturday, January 26, 2008
Thousands of surveys and reports have been conducted on insider threats, and the bottom line is that 80% of attacks originate from within the company, be it a dissatisfied employee, one who is leaving the company, somebody who needs to know more (payroll :P) or simply corporate espionage.
A recent example is this: a woman in Florida deleted $2.5m worth of data. Why? Because she was about to get fired.
Companies find it very difficult to stop insider threats because:
1) Employees have almost instant access to all the internal systems and data.
2) They are always behind the corporate firewall, so they do not need to bypass your 5 firewalls to get into your network.
3) They know more about your network than attackers.
4) They know what vulnerabilities exist in your network.
5) They know your policies on patching.
6) They know your account lockout policies.
7) Companies that use SSO have some applications that don't lock your account even when you try a wrong password a hundred times.
8) Most employees know what types of logs you monitor.
9) And they know how to social engineer your helpdesk staff :P