This series of articles and the accompanying videos are part of an ongoing project to illuminate the people, products, and vendors that make up the IT security industry. The vendors paid for the video production.

In a recent post I discussed trust interfaces as a method of evaluating and improving security strategies. One of those trust interfaces is with employees, or more broadly, insiders.

As Mike Crouse, director of insider threat strategy at Raytheon, told me recently, insider abuse is rarer than attacks from the outside, but the impact can be much greater.

Some of the biggest breaches ever have been the result of trusted insiders. The famous case of José Ignacio López de Arriortúa departing General Motors for Volkswagen (VW) predated the digital era. He took boxes of confidential files with him. Ultimately VW settled with GM for $1.1 billion over that case.

Jérôme Kerviel at Société Générale was a case of insider fraud, and there are lots of cases of insider abuse just for destructive purposes. The case of Roger Duronio at UBS Paine Webber may be the most famous. He installed a “logic bomb” that shut down 2,000 servers after he left his employer.

Crouse describes recognizing these three cases (IT sabotage, fraud, and IP theft) as the beginning of the process of creating an insider threat strategy.

The first step is identifying and understanding the roles assigned to privileged users. Assuring that the right roles are assigned to the right people, minimizing those roles where possible, and then monitoring activity are the components of an insider threat strategy.

Education of employees about the monitoring is critical too. People who are watched are much less likely to engage in malicious behavior, just as the presence of security cameras in a parking lot is a preventative measure.

Listen to Michael Crouse describe insider threat strategies and Raytheon’s approach in my interview:
