BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Predicting Insider Threats

Posted July 19, 2011    Peter McCalister

In the movie Minority Report, police have created a system which predicts crime before it happens in a nightmarish Orwellian scenario. But what if companies could predict who would attack their most valuable assets? What kinds of ethical considerations would arise?

While insider threats are less in number, when they do happen the damage is generally far greater than an outside attack. According to the 2011 CyberSecurity Watch Survey conducted by CSO Magazine and Deloitte, annual monetary losses from breaches average approximately $123,000 per organization.

This past year WikiLeaks has brought new meaning to the concept of insider threat by providing a convenient vehicle to empower staff at government agencies and public/private corporations to quickly and instantly hand over their privileged information to the world.

Researchers at Pacific Northwest National Laboratory believe that combining traditionally monitored cyber security data with other kinds of organizational data is one option or inferring the motivations of individuals, which may in turn allow early prediction and mitigation of insider threats. While unproven outside the lab, researchers believe that this combination of data may yield better results than either cyber security or organizational data would in isolation. However, this nontraditional approach yields inevitable conflicts between security interests of the organization and privacy interests of individuals.

Should warning signs of a potential malicious insider be addressed before a malicious event has occurred to prevent harm to the organization and discouragethe insider from violating the organization’s rules? Predictive approaches cannot be validated a priori; false accusations may harm the career of the accused; and collection/monitoring of certain types of data may adversely affect employee morale.

While predicting insider threats makes for an interesting movie plot, the best bet for organizations in this day and age is to implement privileged identity management solutions to create boundaries that enable end users and applications to communicate freely within an IT environment without worry of intentional, accidental or indirect misuse of privilege.

Leave a Reply

Additional articles

powerbroker-for-mac-diagram-small

PowerBroker for Mac: A Least-Privileged Apple a Day…

Posted July 27, 2015    Jason Silva

BeyondTrust PowerBroker for Mac reduces the risk of privilege misuse by enabling standard users on Mac OS X to perform administrative tasks successfully without entering elevated credentials.

Tags:
, ,
PrivilegedAccountManagement

On Demand Webinar – Now is the time for Privileged Account Management

Posted July 24, 2015    BeyondTrust Software

In this webinar, SANS Instructor and Founder of Voodoo Security, Dave Shackleford, will revisit several hacking and breach scenarios that involved privileged accounts, and use these as examples while discussing tools and tactics to get this problem under control once and for all.

Tags:
, ,
dave-shackleford-headshot

Privileged Account Management: The Time is Now

Posted July 22, 2015    Dave Shackleford

There’s plenty of problems we don’t have great options for in InfoSec today. Malware is a pain point that keeps evolving rapidly. 0-day exploits are tough to prepare for. Privileged account management? We got this. We know the root causes, we know how it manifests, we know how to get it under control effectively, and there are great technology solutions that are enterprise-class.

Tags:
, ,