Some recent news of malicious insiders:
- Employee's silent rampage wipes out $2.5m worth of data - Here, a woman unnecessarily fearing job loss wiped out valuable employer data.
- Sys admin jailed for 30 months over failed logic bomb - A system administrator at MedCo planted a logic bomb that, luckily, was a dud on his first attempt.

Some interesting reading on the insider threat:
- Are Insiders Really a Threat? - An article from the Software Engineering Institute at Carnegie Mellon discussing the reality of the insider threat and outlining thirteen practices for preventing insider attacks. Incidentally, I think the 30% stat they provide is low. I think 30% may be the percentage of reported malicious attacks perpetrated by insiders. A far greater number of security breaches happen every day by non-malicious insiders. And here's an article on research suggesting that many insider breaches aren't reported (and why).
- The CERT Insider Threat Research page - Lots of useful information on insider breaches, including the source of the article above.

What does all that mean?
Well, the insider threat is real. I don't think that's controversial news. But I would argue that there are far more light security breaches by insiders than malicious attacks -- something I haven't seen much data on. But a breach is a breach and in many cases can be prevented with the right policies, processes and tools. I like the SEI article and I think it provides a good place to start thinking about how to approach the challenge.