When I first started my career in information technology, I was rather shocked to find out that one of the likeliest threats to an organization wasn’t external, but internal. Yes, that a trusted employee could in fact be the one carrying out some of the attacks that we mentioned previously. Just imagine Fred (not you, if your name is Fred, or I hope not), who comes to work on time everyday, even working overtime on weekends, is the one committing malicious acts on the company’s network. Who knew?

Well, this shouldn’t seem to far fetched. Ponder this: According to the National Threat Assessment Center of the United States Secret Service and the CERT Coordination Center (yes, a mouthful), in 70 percent of the cases studied in a survey conducted by these organizations, insiders, yes those working in the company, exploited weaknesses in applications, processes and procedures to carry out their nefarious deeds. And according to the Gartner Group, 70% of security incidents are actually insider jobs. Can you beweave that? Those dirty rats!

But who would do such a thing? What’s wrong with Fred you ask? Well, under those smiles, Fred might be one of the following: disgruntled, careless, or even angry. Since oftentimes we don’t know people as well as we might think, their ability to operate under the radar can wreak havoc on a company’s network, which can ultimately impact everyone in the company. Therefore, this brings me back to my original point that security is everyone’s business. But more on that later.

So, this week we’re going to mix a little technical jargon with the human element behind the machine. We’ll take a look at how inside attackers use their knowledge in service of the dark side and we’ll see how networks are targets.