Inside Jobs: The Risk of Data Breach From Insider Threats

An excellent article appeared in the December 11, 2006, edition of Information Week entitled Insider Threats. The article starts with a description of the now infamous attack by an employee against UBS Paine Webber. What is surprising is the fact that UBS did not conduct a background check before he was hired nor before granting him the highest level of access to its computer systems. In this case, a background check would have revealed a criminal record. By the way, background checks to attain and maintain PCI compliance.

The article provides some interesting suggestions for reducing risks. One seemingly obvious one is to revoke a terminated employee’s access privileges BEFORE the termination. However, Dawn Cappelli, a senior member at the CERT Coordination Center at Carnegie Mellon, stated that about half of all insider attacks occur after an IT employee is dismissed but before his/her access privileges are revoked.

Another tip for IT managers is to watch for warning signs in the behavior of their employees, such as “insubordination, anger over perceived mistreatment, or resistance to sharing responsibility or training colleagues.”

The article also suggests informing IT employees that their system access will be monitored and their system changes will be tracked. Another IT policy should be to grant each IT employee just enough privileges to get his/her job done. “Usually, a person who does damage was given more access than they needed,” according to Bill Moylan, senior director of Aon Consulting’s IT risk group.

Good article — great tips — well worth reading.

This entry was posted on December 17, 2006 at 10:06 pm and is filed under Electronic Payment Security - General. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response or trackback from your own site.