The big, external breaches get the headlines, but the insider crimes are doing significant financial damage, says Tim Ryan of Kroll Advisory Solutions. How can organizations address the insider threat?
Two new insider fraud cases showcase the challenges organizations face to detect and prevent crimes by trusted employees. "You need IT controls, but you need more than IT," says researcher Randy Trzeciak.
The answer seems obvious, especially in the context of IT security and information risk. Yet, is it, especially when developing codes and standards, as well as funding research and development initiatives that involve taxpayer money?
Former FBI cyber unit chief Tim Ryan sees mounting dangers from the insider, acknowledging undiscerning employees who don't follow proper processes can cause devastation. But he says the actions of those with malicious intent can be more catastrophic.
Prompted by the WikiLeaks breach, President Obama has issued a memorandum directing federal agencies to implement minimum standards to protect vast amounts of classified data on government computers, networks and systems from insiders.
A wave of distributed denial of service attacks on banks raises the question: Should the owners of the nation's critical information infrastructure, when assessing risk, be held to a higher standard because society relies on them to function?