
Presenter Adrian Fadzilah (MSyl)

Security Operations Manager

Insiders pose a substantial threat by virtue of their knowledge of and access to their employers' systems and databases. Insiders can bypass existing physical and electronic security measures through legitimate means. It is classed as one of the biggest threats to an organisation.

• Introduce you to the threats
• The profiles of the Insider
• Mitigation of the threats

• We are all an Insider as soon as we join the company
• We pose our own individual threat
• Target: People, Information, Technology, Facilities (Critical Asset)
• Based on motive.

Edward Snowden

Nick Leeson

Kweku Adoboli

• Intentional or unintentional threat from people within the organisation

• Current or former contractors, business associates or employees

• Knowledge of the organisation, security practices, data and computer systems

• Intentionally or unintentionally impact an organisation's critical assets

• Committing fraud, stealing or disclosing confidential or commercially valuable information, or disrupting networks, processes, systems or data

Intentional Threat is a current or former employee, contractor or business partner who:

• Has or had access to an organisation's network, facilities or system

WHO

• Intentionally misused their access in order

TO

• Affect the confidentiality, the integrity and the availability of the organisation's information and data.

Unintentional Threat is a current or former employee, contractor or business partner who:

• Has or had access to an organisation's network, facilities or system

WHO THROUGH

• Their action / inaction without malicious intent

CAUSE

• Harm or substantially increase the probability of future serious harm to the confidentiality, the integrity and the availability of the organisation's information and data.

Insider IT Sabotage

An Insider's use of IT to direct specific harm at an organisation or an individual

• Deletion of information
• Bringing down systems
• Website defacement to cause embarrassment

Insider Theft of Intellectual Property

An Insider who steals intellectual property from an organisation

• Designs, Documents
• Customer Information
• Software

Insider Fraud

An Insider's use of IT for the unauthorised modification, addition or deletion of an organisation's data, for personal gain or theft of information which leads to fraud (credit cards)

• Theft and sale of confidential information
• Modification of critical data (Criminal records, Driving Licence, Benefits)
• Stealing of money (financial organisations)

National Security

The act of stealing and delivering, or attempting to deliver information about National Security to foreign countries.

• Spying

The profile of the Insider can be anybody, but the Centre for Protection of National Infrastructure (CPNI) suggests that statistically:

• 82% are men
• 49% are aged 31 – 45 years old
• 88% are permanent employees
• 45% are Managers
• 47% act for financial gain
• 58% are graduates
• Most Insiders have worked for the company for 3-5 years
• Most commit the crime within 60 days of leaving

The reasons why an individual could resort to being an Insider can be vast, but the main reasons are:

• Disgruntled Staff
• Financial Gain
• A change of employer
• Commercial Espionage
• Revenge

Recognising the traits of an Insider is not easy and it is based more on behavioural factors such as:

Mitigating the risk of the insider can be conducted in the following ways but there is no “Silver Bullet”.

• Know your people
• Identify critical assets
• Educate and Train personnel
• Controlled Access
• Split responsibilities
• Be proactive and not reactive
• Deterrence and detection

The Insider threat is very hard to detect and there is no answer on exactly how to stop it, but it can be mitigated.

People work in positions of trust and responsibility and can therefore work under detection limits. It is up to the organisation to understand these risks and the threats posed.

“Absence of the Normal and the presence of the Abnormal”