Press Careers Contact us

VSN Encrypt

  
WhitePapers Partners Financial Services
VSN Encrypt
Secerno - Award Winning Database Security - Visus IT
Home
 
Threats to Data
> External Threats
> Internal Threats
> Impact of Breaches
> Protecting Against    Attack
 
Compliance
> How Secerno can help
 
Secure Application Development
 
Secerno Home
Secerno Awards
News
 
© Visus IT Ltd 2005

Internal Threats

While most employees are trustworthy, corrupt, intimidated and disgruntled employees or contractors represent just as big a threat to a company as the determined hacker. And honest employees can make genuine, yet costly mistakes. For example, a DBA may accidentally delete crucial files, a distributor may unwittingly place an order for a million rather than a thousand units or a clerk may make an error in processing a payment.

The methods of internal attack for high financial gain have become much more focused. Recent evidence suggests that criminal organisations are now planting new, or corrupting existing, staff in potentially lucrative corporations. And thieves have even disguised themselves as cleaning staff in financial institutions, in order to download spyware onto the computers used to handle international wire transfers of money.

The Police believe that 1 in 10 (of 300) of Glasgow's financial call centres have been infiltrated by criminal gangs. And recent research from the United States Secret Service, CERT and CSO Magazine on Internal Attack in an E-Crime Watch Survey, suggests that:

The insider motivation to attack:
- 81% financial gain
- 23% revenge

The way insiders attack:
- 87% use valid user commands
- 78% use authorised accounts
- 43% use their own IDs

The profile of an internal attacker is:
- 23% in a technical position (17% with root access)
- 39% unaware of the organisation’s security measures

The Solution

Authentication is no longer enough. Now the question is not “who is accessing the database?” It is “who is asking the database to do what?” Authentication is simply a crude delegation of trust, but there are many ways in which trust can be abused. An intelligent data security solution that will identify and protect against users utilising legitimate commands that exceed the requirements of their normal job function is the best way to ensure that data is not compromised by internal threats.

“For approximately five years, we’ve been experiencing a steady increase in the professionalisation of cybercrime. For many organisations, the biggest risk will be insiders, not outsiders. The fact is that a significant amount of proprietary data walks out of the door every day.”

Jay Heiser, Research VP, Gartner

 

Secerno Partner

 

  
 
Please enquire
 
Name:
Email:
Telephone:
Service Required:
How can we help?