Communications of the ACM
Insider Security Threat Gets a Serious Look By .s. Security Agencies
Researchers at the U.S. Department of Homeland Security, the U.S. Secret Service, and Carnegie Mellon University recently published a study that examined the technical and behavioral patterns from 67 insider and 13 external fraud cases that occurred since 2005 to develop insights and risk indicators of malicious insider activity.
"To defeat those who are defrauding financial services companies, security professionals in this sector must master both the technical and behavioral aspects of the problem as well as ensure compliance with external regulators and internal governance initiatives, all while protecting their organizations' profits, shareholders, and customers," the report says.
The researchers' work led to them to six conclusions. Criminals who executed a low and slow approach did more damage and escaped detection longer. Insiders' means were not very technically sophisticated, since in more than half of the cases the insider used some form of authorized access. Fraud by managers greatly differs from fraud by non-managers in terms or damage and duration. Only 16 percent of fraud incidents involved some type of collusion. Most of the incidents were detected through an audit, customer complaint, or co-worker suspicion. Many fraudsters target personally identifiable information.
From Network World
View Full Article
Abstracts Copyright © 2012 Information Inc., Bethesda, Maryland, USA
No entries found