BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to Security in Context

Bringing you news and commentary on solutions and strategies for protecting critical IT infrastructure in the context of your business.

Predicting Insider Threats

Posted July 19, 2011    Peter McCalister

In the movie Minority Report, police have created a system which predicts crime before it happens in a nightmarish Orwellian scenario. But what if companies could predict who would attack their most valuable assets? What kinds of ethical considerations would arise?

While insider threats are less in number, when they do happen the damage is generally far greater than an outside attack. According to the 2011 CyberSecurity Watch Survey conducted by CSO Magazine and Deloitte, annual monetary losses from breaches average approximately $123,000 per organization.

This past year WikiLeaks has brought new meaning to the concept of insider threat by providing a convenient vehicle to empower staff at government agencies and public/private corporations to quickly and instantly hand over their privileged information to the world.

Researchers at Pacific Northwest National Laboratory believe that combining traditionally monitored cyber security data with other kinds of organizational data is one option or inferring the motivations of individuals, which may in turn allow early prediction and mitigation of insider threats. While unproven outside the lab, researchers believe that this combination of data may yield better results than either cyber security or organizational data would in isolation. However, this nontraditional approach yields inevitable conflicts between security interests of the organization and privacy interests of individuals.

Should warning signs of a potential malicious insider be addressed before a malicious event has occurred to prevent harm to the organization and discouragethe insider from violating the organization’s rules? Predictive approaches cannot be validated a priori; false accusations may harm the career of the accused; and collection/monitoring of certain types of data may adversely affect employee morale.

While predicting insider threats makes for an interesting movie plot, the best bet for organizations in this day and age is to implement privileged identity management solutions to create boundaries that enable end users and applications to communicate freely within an IT environment without worry of intentional, accidental or indirect misuse of privilege.

Leave a Reply

Additional articles

skeletonkey3_713678_713680

Stopping the Skeleton Key Trojan

Posted June 29, 2015    Robert Auch

Earlier this year Dell’s SecureWorks published an analysis of a malware they named “Skeleton Key”. This malware bypasses authentication for Active Directory users who have single-factor (password only) authentication. The “Skeleton Key” attack as documented by the SecureWorks CTU relies on several critical parts.

Tags:
, , , , ,
webinar 2

On Demand Webinar: 10 Steps to Building an Effective Vulnerability Management Program

Posted June 26, 2015    BeyondTrust Software

In this on demand webinar, Cybersecurity Expert, Derek A.Smith will take you through his 10 steps for a successful vulnerability management program and how to get started now.

Tags:
, ,
AHHA_PRO.LOGO

Privileged Account Management – Another AH-HA in Cyber Security

Posted June 25, 2015    Nigel Hedges

I strongly believe that the Top 4 mitigation strategies don’t just simply apply to Australian organizations, it should be a global realization, a worldwide “ah ha!” for those still not quite understanding the importance here. Here’s a refresher (or intro) on the Top 4 mitigation strategies. Read on…

Tags:
, ,