2012
By Randy Trzeciak
Senior Member of the Technical Staff
The CERT Program
According to the 2011 CyberSecurity Watch Survey,
approximately 21 percent of cyber crimes against organizations are
committed by insiders. Of the 607 organizations participating in the
survey, 46 percent stated that the damage caused by insiders was more
significant than the damage caused by outsiders. Over the past 11 years,
researchers at the CERT Insider Threat Center
have documented incidents related to malicious insider activity. Their
sources include media reports, the courts, the United States Secret
Service, victim organizations, and interviews with convicted felons.
From these cases, CERT researchers have identified four models of
insider threat behavior: (1) information technology (IT) sabotage, (2) fraud,
(3) national security/espionage, and (4) theft of intellectual property
(IP). Using those patterns, our researchers have developed network
monitoring controls that combine technological tools with behavioral
indicators to warn network traffic analysts of potential malicious
behavior. While these controls do not necessarily identify ongoing cyber
crimes, they may identify behaviors of at-risk insiders that an
organization should consider for further investigation. This blog
posting, the second in a series highlighting controls developed by the CERT Insider Threat Center, explores controls developed to prevent, identify, or detect IT sabotage.

