Today's headlines are littered with news of identity thieves, organized cyber criminals, corporate espionage, nation-state threats and even terrorists. They represent the next wave of security threats but still possess nowhere near the devastating potential of the most insidious threat: the insider. This is not the bored 16-year-old hacker. We are talking about insiders like you and me, trusted employees with access to information, as well as consultants, contractors, partners, visitors, vendors, and cleaning crews: anybody within an organization's buildings or networks who possesses some level of trust. Some insiders are malicious to begin with, joining organizations with surreptitious motives from the outset. These malicious insiders may work for competitors, organized crime groups, activists, terrorist organizations or even foreign governments.
However, most insiders do not start with malicious intent; they become disgruntled or are motivated by financial gain. Other contributing factors can be fear, excitement, politics or even general malice. Others simply make mistakes, having no malicious motive, but their actions nonetheless have serious consequences. The larger an organization gets, the more likely it is to be concerned with insider threats. A 2005 IDC study found that about 40% of large organizations felt that the greatest security risks stem from internal threats as opposed to external attacks, and around 30% of respondents felt that the two were about equal. Failing to take steps to address insiders can ultimately yield regulatory fines, legal fees, litigation penalties associated with class actions, public relations fees, a decrease in shareholder faith, expenses related to placating customers and, ultimately, lost revenue.
There is no security panacea. There is no piece of software that one can install, no box that can be plugged in, no policy that can be written, and no guru who can be hired to make an organization 100% secure. Insider threats are the hardest threats to prevent, the most difficult to detect, and the most politically charged to manage. Security is a process that requires vigilance and awareness. It is a merger of people, processes, and technology, and finding the best combination of these variables to mitigate risk helps achieve a strong security posture. With vivid real-life cases, this book addresses the most difficult to manage and costly of all security threats: the insider.
About the Author
Brian T. Contos, CISSP
Chief Security Officer, ArcSight Inc.
Mr. Contos has real-world security engineering and management expertise developed over more than a decade of working in some of the most sensitive and mission-critical environments in the world. For four years as ArcSight's CSO, he has advised government organizations and Fortune 1,000s on security strategy related to Enterprise Security Management (ESM) solutions and has evangelized the ESM space. He has delivered speeches, written numerous white papers, performed webcasts and podcasts, and published countless security articles for publications such as The London Times, Computerworld, SC Magazine, Tech News World, Financial Sector Technology, and the Sarbanes-Oxley Compliance Journal. Mr. Contos has held security management and engineering positions at Riptech (a Managed Security Services Provider (MSSP) acquired by Symantec), Lucent Bell Labs, Compaq Computers, and the Defense Information Systems Agency (DISA). He has worked throughout North America, South America, Western Europe, and Asia, holds a number of industry and vendor certifications, and has a BS from the University of Arizona.