Security "Bits"

How Does an "Outsider" Become an "Insider" Threat?

By Rich Campagna | December 12, 2014 at 11:01 AM

insider security threats

When it comes to enterprise security, in the cloud or otherwise, the insidious "insider threat" is certainly top of mind for a lot of organizations. And of course, when we think of the term insider, the first thing that comes to mind is our employees - typically that disgruntled employee leaving the organization to work for a competitor and bringing along scads of sensitive files and information. That's why I was intrigued when I came across this great talk on insider threats from RSA 2013 (slightly outdated, but still very relevant). In it, Dawn Cappelli, formerly of the CERT Insider Threat Center at Carnegie Mellon University, gives an example of an outsider becoming an insider threat. 
The example cites an employee of a computer networking company with access to a customer's network - in this case, a semiconductor company. This individual used his privileged access to that customer's network to steal sensitive data before taking a job at a competitive semiconductor company and then attempting to use that data for competitive advantage. 
Between examples like this and the Target breach, which resulted from credentials stolen from a third party HVAC vendor, maybe it's time to either expand our definition of the term "insider," or to finally get serious about limiting third party access to our applications and networks. As mentioned in the talk, "their insiders are your insiders." And, as reported in Forbes today, 71% of insiders have access to data that they shouldn't be able to see. 
BTW, here's a great top 10 list of recommendations for winning the battle against insider threats from Dawn and CERT. Some of these are immediately and inexpensively actionable. 


see all