Insurance & Technology is part of the Informa Tech Division of Informa PLC



05:25 PM
Larry Greenemeier, InformationWeek, With Sharon Gaudin

The Threat From Within

Insiders represent one of the biggest security risks because of their knowledge and access. To head them off, consider the psychology and technology behind attacks.

Roger Duronio was sentenced in December to 97 months in jail and ordered to pay $3.1 million in restitution for sabotaging UBS PaineWebber's IT systems in 2002. If you think there are no potential Duronios in your organization, consider this a brief history lesson on tech employees gone bad, and a refresher course on how to identify and stop insider malcontents before they do serious damage.

As a system administrator, Duronio, convicted this summer, placed a "logic bomb" to knock out much of UBS' network, then made financial bets that would pay off if the company's stock tanked as a result of the attack. Prudential Insurance IT staffer Donald McNeese in 2002 stole records from a Prudential database containing information on about 60,000 employees and was caught trying to sell identities for the purpose of perpetrating credit card fraud.

Nearly two-thirds of the 616 security pros surveyed in 2006 by the San Francisco-based Computer Security Institute say insiders account for some portion of the financial losses their organizations experience because of breaches. Thirty-nine percent of respondents attribute more than 20 percent of their organizations' financial losses to insider attacks, while 7 percent estimate that insiders account for a whopping 80 percent of financial losses.

While insiders aren't the most common security problem, they can be among the most costly and the most damaging to a company's reputation. Insider attacks against IT infrastructure are among the security breaches most feared by both government and corporate security pros, says Eric Shaw, a psychologist and former CIA intelligence officer who has studied insider threats.

The risks of insider attacks can be lessened by doing background checks on potential IT employees -- something far more companies are doing this year, according to Carnegie Mellon University's CERT (see related story, page 36). If an employee is terminated, it's crucial that all system access be revoked immediately. While that sounds obvious, about half of all insider attacks take place between the time an IT employee is dismissed and his or her user privileges are taken away, according to Dawn Cappelli, a senior member at the CERT Coordination Center, part of Carnegie Mellon's Software Engineering Institute.
