Study: Insider Revenge Often Behind Business Cyberattacks
Majority of attacks by ex-employees who retain access.
http://www.pcworld.com/news/article/0,aid,...n052305X,00.asp
Jaikumar Vijayan, Computerworld
Monday, May 23, 2005
Companies hoping to mitigate their exposure to insider attacks need to ensure that they have good password, account, and configuration management practices, as well as the right processes in place for disabling network access when employees are terminated.
Also crucial is the need for formal processes for handling employee grievances and negative events in the workplace, as well as for reporting suspicious behavior, according to a report released this week by the U.S. Secret Service and Carnegie Mellon University's CERT Coordination Center.
The report is based on an investigation of 49 cases of insider attacks via computer systems in critical infrastructure sectors between 1996 and 2002. In a majority of cases, the primary motivation for the attacks appears to have been revenge, said Matt Doherty, special agent in charge of the Secret Service's National Threat Assessment Center.
"In 92 percent of the cases, a negative work-related event triggered the insider action," he said.
Good News
The good news for companies is that most of the attacks were planned and not impulsive acts, which are "very hard to prevent," Doherty said.
A key finding of the study was that a majority of the incidents involved former employees who shouldn't have been able to access the systems after they left the company they worked for, he said.
The majority of the cases didn't involve sophisticated attack tools. Rather, they occurred because organizations "neglected to disable access upon termination," he said.