FEATURED: The Bushy Roads In The City Of Accra: Who Is Sleeping On The Job?...

13.02.2009 US & Canada

Malicious insider attacks to rise

By Daily Guide

The world's biggest software maker has warned companies to expect an increase in "insider" security attacks by disgruntled, laid-off workers. Microsoft said so-called "malicious insider" breaches were on the rise and would worsen in the present downturn.

"With 1.5 million predicted job losses in the US alone, there's an increased risk and exposure to these attacks," said Microsoft's Doug Leland.

"This is one of the most significant threats companies face," he said.

As the general manager of the newly formed Identity and Security unit at the company, Mr Leland told BBC News the effects of such attacks could be far reaching.

"The malicious insider is classed as the greatest security concern because they have access, and relatively easy access, to corporate assets," said Mr Leland.

Trillion dollar losses
A groundbreaking study last year by Verizon in the US found that insider breaches accounted for 18% of attacks with the remainder coming outside the company - for example by hackers, government agencies or business partners.

The report covered 230 million records over four years across the financial, technology, retail and food sectors.

Meanwhile a study by McAfee pegged total global economic losses due to data theft and security breaches thanks to organised crime, hackers and inside jobs at $1 trillion last year.

The problem is not just a serious one for business.

Just this week, on the heels of some high-profile government breaches, President Obama announced an immediate 60-day review of how the federal government uses technology to protect secrets and data.

"The national security and economic health of the United States depend on the security, stability and integrity of our nation's cyberspace, both in the public and private sectors," said John Brennan, the president's top adviser for counterterrorism and homeland security.

'Well-meaning insiders'
Symantec, the world's top security software maker, agreed that the financial downturn would lead to an increase in malicious insider breaches. Kevin Rowney, founder of the firm's Data Loss Prevention Unit, said in most cases people are motivated by "revenge, fear or greed."

But Mr Rowney also noted: "One of the biggest problems that is often ignored is the problem of well-meaning insiders.

"Their actions act as a prequel event to a lot of the attacks by more malicious parties. These people help proliferate the spread of confidential data, which makes it easier for malicious insiders to get a hold of it."

A report last week by the Ponemon Institute, a privacy and data protection research group, found that 88% of data breaches were caused by simple negligence on the part of staff.

Mr Rowney said common scenarios involved employees stealing information to sell to a third party, to get back at a company for being laid off or demoted or to try and get a job at another company.

"We have even seen it as bad as people who got [lay-off notice]pink slips, that day going to a customer database and forwarding huge blocks of this data out the door so they can then set up shop and sell to the same customers the next day," explained Mr Rowney.  BBC