All media outlets recently reported a recent security breach in the White House, which once again stressed out the threat of insider attacks.
According to ABC News Leandro Aragoncillo, a U.S. Marine most recently assigned to the staff of Vice President Dick Cheney, stole classified material from the vice president's office, included damaging dossiers on the president of the Philippines, and then passed them on to opposition politicians planning a coup in the Pacific nation. Sources said a former Philippine president has admitted that he received some information from the alleged spy.
We have no information on the methods used to obtain the documents. We do not know for instance, if the individual involved had legitimate access to the documents he allegedly stole or if he accessed them through "illegitimate" means. But irrespective of this, the breach does highlight the issue of insider attacks and the need for any organization to secure inside the perimeter.
How common are internal security attacks happening inside organizations worldwide?
Insider attacks have been with us almost as long as networks have been with us. It is a phenomena that has been extensively studied over the years, and depending on which study you believe, anywhere from 40% to 70% of ALL attacks come from the inside - and this ratio has held ever since the first time I ever saw a Cyber crimes report, well over 10 years ago. This means that a typical organization will see at least as many internal attacks in a given year as they will external ones. And for the most part these attacks have tended to be swept under the table, and in a lot of cases never got out of the IT department. Maybe some folks were disciplined and security holes were plugged but that was all.
But the rules of the game have changed in the last couple of years.
It started with the success and ubiquity of e-commerce. Today you can buy almost anything electronically. Which means that individuals now have two very separate identities - whether they want them or not;
- A physical identity, which is usually validated against a government issued ID, i.e. drivers license. And
- An electron identity, which is usually validated against "issued" data elements i.e. Social security number, account number, credit card number, personal ID number, etc.
Data elements that businesses have collected for years and were regarded a simple tools to help get the job done, now have very specific value attached to them. In fact data records sell today on the black market for anywhere from $5 to $100 a record depending on their contents.
This is such a significant problem, that Governments all over the world have responded with Data protection regulations - all aimed at forcing businesses who are the custodians of the data that form electronic identities to adequately protect them.
What should be done to minimize the threats from internal attackers?
The first thing organizations have to do it to realize that this threat is no longer one than can be "swept under the carpet". The increase in the intrinsic value of data records can only ensure that the insider attack ratio will climb. Data needs to be locked away in the same way that most organizations will lock away office supplies.
The consequences of a data breach have also changed dramatically over the past couple of years.