As a system administrator, Duronio, convicted this summer, placed a "logic bomb" to knock out much of UBS' network, then made financial bets that would pay off if the company's stock tanked as a result of the attack. Prudential Insurance IT staffer Donald McNeese in 2002 stole records from a Prudential database containing information on about 60,000 employees and was caught trying to sell identities for the purpose of perpetrating credit card fraud.
Nearly two-thirds of the 616 security pros surveyed in 2006 by the San Francisco-based Computer Security Institute say insiders account for some portion of the financial losses their organizations experience because of breaches. Thirty-nine percent of respondents attribute more than 20 percent of their organizations' financial losses to insider attacks, while 7 percent estimate that insiders account for a whopping 80 percent of financial losses.
While insiders aren't the most common security problem, they can be among the most costly and the most damaging to a company's reputation. Insider attacks against IT infrastructure are among the security breaches most feared by both government and corporate security pros, says Eric Shaw, a psychologist and former CIA intelligence officer who has studied insider threats.
The risks of insider attacks can be lessened by doing background checks on potential IT employees -- something far more companies are doing this year, according to Carnegie Mellon University's CERT (see related story, page 36). If an employee is terminated, it's crucial that all system access be revoked immediately. While that sounds obvious, about half of all insider attacks take place between the time an IT employee is dismissed and his or her user privileges are taken away, according to Dawn Cappelli, a senior member at the CERT Coordination Center, part of Carnegie Mellon's Software Engineering Institute.