BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Predicting Insider Threats

Posted July 19, 2011    Peter McCalister

In the movie Minority Report, police have created a system which predicts crime before it happens in a nightmarish Orwellian scenario. But what if companies could predict who would attack their most valuable assets? What kinds of ethical considerations would arise?

While insider threats are less in number, when they do happen the damage is generally far greater than an outside attack. According to the 2011 CyberSecurity Watch Survey conducted by CSO Magazine and Deloitte, annual monetary losses from breaches average approximately $123,000 per organization.

This past year WikiLeaks has brought new meaning to the concept of insider threat by providing a convenient vehicle to empower staff at government agencies and public/private corporations to quickly and instantly hand over their privileged information to the world.

Researchers at Pacific Northwest National Laboratory believe that combining traditionally monitored cyber security data with other kinds of organizational data is one option or inferring the motivations of individuals, which may in turn allow early prediction and mitigation of insider threats. While unproven outside the lab, researchers believe that this combination of data may yield better results than either cyber security or organizational data would in isolation. However, this nontraditional approach yields inevitable conflicts between security interests of the organization and privacy interests of individuals.

Should warning signs of a potential malicious insider be addressed before a malicious event has occurred to prevent harm to the organization and discouragethe insider from violating the organization’s rules? Predictive approaches cannot be validated a priori; false accusations may harm the career of the accused; and collection/monitoring of certain types of data may adversely affect employee morale.

While predicting insider threats makes for an interesting movie plot, the best bet for organizations in this day and age is to implement privileged identity management solutions to create boundaries that enable end users and applications to communicate freely within an IT environment without worry of intentional, accidental or indirect misuse of privilege.

Leave a Reply

Additional articles

PBPS-screenshot-blog aug2014

Failing the Security Basics: Backoff Point-of-Sale Malware

Posted August 22, 2014    Marc Maiffret

At the beginning of this month, US-CERT issued a security alert relating to a string of breaches that had been targeting Point of Sale (POS) systems. The alert details that attackers were leveraging brute forcing tools to target common remote desktop applications such as Microsoft’s Remote Desktop, Apple Remote Desktop, Splashtop and LogMeIn among others….

Tags:
, , , , , ,

Troubleshooting Windows Privilege Management Rules with Policy Monitor

Posted August 21, 2014    Jason Silva

When defining and testing PowerBroker for Windows rules for production or pilots, customers sometimes tell us, “I don’t think this policy / program is working.” This is usually a case of the policy not properly triggering because of the way the rule was created. A unique feature of PowerBroker for Windows compared to other solutions is a client-side…

Tags:
, , ,
darren-mar-elia

BeyondTrust Webcast: Darren Mar-Elia’s 4 Active Directory Change Scenarios to Track

Posted August 20, 2014    Chris Burd

In our latest webcast, we joined Darren Mar-Elia, CTO at SDM Software, to discuss best practices for Active Directory (AD) change management. Here are some key takeaways from the presentation, followed by a link to a full-length video of the presentation. Mar-Elia kicks things off with a critical insight: that the best AD change management…

Tags:
, , , , , , ,