In the upcoming 2014 Verizon Data Breach Investigations Report, one of the key attack categories was classified as insider misuse, with 11,698 instances reported.
The category is defined as any unapproved or malicious use of organization resources. It can also include insider collusion with an outsider as well as trusted business partners who have privileges on the network.
The primary driver of insider misuse is financial gain, or fraud. This year they are better able to identify what the attackers are after and it is internal data and intellectual property.
Although this may not seem surprising, the ability to get more details around these attacks I believe is a testament to the increased logging and auditing capabilities organizations have to identify perpetrators and targets. The majority of the discovery of misuse is almost immediate, again an indicator that more organizations are adopting proper detective controls to identify insider misuse.
In terms of recommended controls the DBIR recommends the data centric approach to managing network security, identifying and classifying data and keeping tight control over who has access to it. Monitoring user activity and for data exfiltration are also listed, developing a solid logging and auditing program is critical to mitigating the insider threat.
We will be presenting a webcast on the insider threat on Insider Threat Kill Chain: Detecting Human Indicators of Compromise. We will be covering actual insider threat cases and how to detect insider risk before an event happens, as well as how organizations can detect and remediate an actual insider threat event.
In this upcoming webinar we will:
- Discuss how human resources, legal and IT can work together to help prevent insider threats before they become a problem
- Identify risk indicators with employee attitudes and behavior and how it correlates to their patterns of activity on your network
- Show how you can use log intelligence and security analytics to automate actions and alerts and rapid reporting and forensics
- Date: May 08, 2014
- Time: 11:00 AM Pacific/2:00 PM Eastern
- Duration: One Hour
- Verizon 2014 DBIR: Hide Your Servers and Call the Cops
- DBIR: Nine Distinct Patterns Account for Majority of Attacks
- Stopping the Heartbleed
- Detecting Heartbleed Exploits in Real-Time
Check out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology – and it detects the Heartbleed vulnerability.
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Title image courtesy of ShutterStock