Yesterday we starting discussing the insider threat. Yes, those wily individuals who smile in our faces while engaging in some type of behavior that we&d find shocking, incredible, unconscionable, unforgivable – okay, you get my point.
Interestingly enough, in the book, Insider Threat, the authors outline 4 types of insiders: pure insider, insider associate, insider affiliate and outside affiliate. Yes, can you believe that there are actually names for these folks? Not sure if that&s good or bad. Nevertheless, today, we&ll focus on the pure insider.
According to the authors, the pure insider can access all that s/he needs as an employee of the company. Yes, this means access to the building, network, etc. So imagine someone in your company, with access to perhaps some of the same (if not more) information as yourself working against the company? Just think of the damage that s/he might inflict on the company, the shareholders, the public and even you. Now don't got gettin& any ideas the next time your boss makes you mad.
There&s also the elevated pure insider. This person might be a system administrator, who has all the privileges on the company&s network. I'm sure you can imagine the damage that this person can do. Or, in the words of one law firm system administrator “â€œI can take these guys out of business anytime I want.â€ YIKES! And to think that this guy has the keys to the kingdom. Wonder if those lawyers know it?
And you&d better believe that some of these administrators have made good on their threats. At a company called Omega Engineering, a network engineer caused $10 million in losses, 80 layoffs and the loss of several clients when he detonated a software time bomb that he had planted in the network he helped to build.When the bomb went off, over 1000 programs were erased and purged from the network.
In addition, proprietary software was lost. Oh, and by the way, why did he do it you ask? Because he was mad about his termination from the company and sought revenge.
So, let's be sure that we understand that there are indeed threats to the company and that they&re not always outside its doors.