The Fraud Blog with Tracy Kitten

Insider Threats and Cyber Vigilantes

Attacks Ain't What They Used to Be

We often call it "insider threat," and it typically involves a disgruntled employee who either hacks, steals or sells customer or corporate information for personal gain.

In recent years, the economic downturn fueled insider threat concerns, and most organizations have stepped up efforts to predict, track and catch insider fraud.

These are people on your workforce: ideological insiders that have access to your information, and they're using it for a cause or to prove a point. ... This is a whole counter-culture thing. 

But so-called insider threats are not what they used to be, especially in the cyber-realm. Over the last six to 12 months, we've seen a shift, and security experts agree that shift has tipped the scales out of the organization's favor.

Today's recent cyberattacks - as hacks at Google and computer breaches at the U.S. Senate and the International Monetary Fund prove - are increasingly waged not for personal gain, but social change. And the attackers are often internal, as well as external.

This new kind of motivation could prove stronger than the drive to hack, steal and cheat for monetary gain - a sentiment that's been echoed and bounced by numerous security experts I meet.

Josh Corman, research director of the Enterprise Security Practice at The 451 Group, says cyber-vigilantes like LulzSec and Anonymous, now simply known as Anon, are changing the way Infosec approaches insider threats, or at least they should. [See Breach Avoidance: 4 Tips and LulzSec: Senate, Sony Hackers Profiled.]

"These are people on your workforce: ideological insiders that have access to your information, and they're using it for a cause or to prove a point," Corman says. "This is more like Fight Club than espionage. They do your laundry; they work in the mailroom. This is a whole counter-culture thing."

That counter-culture concern and increasing risks associated with insider threats, whether vigilante or otherwise, came up more than once this past week during the Gartner Security & Risk Management Summit near D.C. I caught up with a number of industry experts while I was there, and you can glean more insight from the host of interviews I conducted. [See Gartner Summit: Focus on Security & Privacy.]

I found some points raised by Julie Bernard of Ernst & Young to be particularly applicable. Bernard says insider threats are often overlooked. Organizations spend more time and money protecting the perimeter, forgetting or neglecting to recognize that wars waged from the inside are often the most damaging. In fact, outside attacks are more often than not linked to insider compromises.

"We see more individuals being targeted, and those targeted attacks are increasing," she says. "Insider threat is equal to outside threat, and tracking behavior and monitoring activity is critical."

Bernard calls it cross-security discipline, and we can expect to see organizations increasingly implementing its practice as threats grow.

Cyberattacks are definitely going to get worse before they get better. They can't be stopped, but understanding how, why and where they are being launched is at least 70 percent of the battle.

About the Author

Tracy Kitten

Tracy Kitten

Former Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years of experience, she covered the financial sector for over 10 years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by, ABC News, and MSN Money.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.