Disgruntled Employee or Cybercriminal?

Our recent report entitled Unsecured Economies: Protecting Vital Information cited survey results that shed light on the changing “face” of the threat horizon. These results confirm once again that the top threat to information comes from the people within, the very people that we employ or welcome inside our systems as partners and contractors. But the report also indicated some new texture on this topic in the context of the current economic downturn, namely that laid-off employees and financially-strapped employees were top concerns within the insider threat category.

This got me to thinking…and whiteboarding…and this is what came out:

With the evolution of cybercrime into a multi-billion (multi-trillion?) dollar industry, cybercriminals have the highest motivation to attack the enterprise in pursuit of credit card numbers, identity information and intellectual property. But cybercriminals have to fight their way through security defenses, while employees tend to sit inside most of these defenses and thus represent attractive co-conspirators. Of course the most attractive co-conspirators are “highly credentialed” employees such as system administrators, DBAs and executives.

Data theft conspiracies can take many forms. For example, a disgruntled employee might merely become more lax about information protection practices (password management, paying attention to Internet use, removable storage scenarios, etc.) that could lead to vulnerabilities exploited by (continue reading...)