Mitigating insider threats from a people perspective | CSO Online

Cyber threats come in various forms. A diverse threat actor landscape consisting of criminals, espionage actors, hacktivists, and more have demonstrated how successful they can be launching remote attacks. Gaining unauthorized access into networks, stealing sensitive intellectual property, financial, and personal identifiable information, and conducting defacements and denial-of-service attacks, are just some ways these hostile elements target organizations in both the public and private sectors. If enterprises want to understand how they can better invest in security defenses, build the necessary One class of actor that often gets overlooked is the insider threat, largely because they represent a hybrid type of actor that capitalizes on his physical access to conduct malfeasance, often leveraging some cyber aspect in the fulfillment of his goals. What is wrong with this picture?  Insiders can both be witting and unwitting. The unwitting or careless insider is an individual with legitimate accesses but who through poor judgment commits a security infraction that results in potential consequences for his organization (e.g., think the insertion of a USB key into an organization’s network). The witting or malicious insider is an individual that makes the conscious decision to abuse his access in order to obtain sensitive and/or financial information for personal gain or purposeful malicious intent (e.g., an individual like Chelsea Manning or Edward Snowden fits this category). A third type of insider is the remote actor or masquerading insider who has compromised legitimate credentials in order to gain access as a trusted individual on an organization’s network. One thing that all of these three types have in common: once inside, perimeter security can do little to deter their actions.

Source: Mitigating insider threats from a people perspective | CSO Online

Advertisements

Author: Stephen G. Barr, Group Publisher

Author, Syndicated Columnist, Editor In-Chief and Group Publisher at SGB Media Group, a social media marketing firm specializing in digital media content production, publishing, affiliate marketing, public relations and advertising. Over 25 years experience in retailing, advertising, website & online forum development, niche social networking, affiliate marketing, search optimization, branding and identity, site location, non-profit fund raising. Event planning, promotion, production and MC/Host at public events. Author, Editor & Publisher of 35 syndicated, digital publications utilizing multiple digital distribution channels in conjunction with launching and administrating national advertising campaigns for major Fortune 500 advertisers in partnership with Google, Ning, Facebook, Myspace, Yahoo, DoubleClick, LinkShare, PepperJam and other industry leading third party affiliate networks. Product development team member from conception to launch on many websites, tangible goods and organizational structure for start ups. Specialties: Public relations, retailing, advertising, website & online forum development, niche social networking, blogging, email campaigns, affiliate/performance marketing, search optimization, branding and identity, site location, event production & promotion, non-profit fund raising and tasteful, responsible adult content publishing. An internationally recognized and read social media columnist & pundit on The Examiner, Associate Content, Vator.tv, X-Biz.net and Technorati and his own affiliated sites.