All media outlets recently reported a recent security breach in the White House, which once again stressed out the threat of insider attacks.
According to ABC News Leandro Aragoncillo, a U.S. Marine most recently assigned to the staff of Vice President Dick Cheney, stole classified material from the vice president's office, included damaging dossiers on the president of the Philippines, and then passed them on to opposition politicians planning a coup in the Pacific nation. Sources said a former Philippine president has admitted that he received some information from the alleged spy.
We have no information on the methods used to obtain the documents. We do not know for instance, if the individual involved had legitimate access to the documents he allegedly stole or if he accessed them through "illegitimate" means. But irrespective of this, the breach does highlight the issue of insider attacks and the need for any organization to secure inside the perimeter.
How common are internal security attacks happening inside organizations worldwide?
Insider attacks have been with us almost as long as networks have been with us. It is a phenomena that has been extensively studied over the years, and depending on which study you believe, anywhere from 40% to 70% of ALL attacks come from the inside - and this ratio has held ever since the first time I ever saw a Cyber crimes report, well over 10 years ago. This means that a typical organization will see at least as many internal attacks in a given year as they will external ones. And for the most part these attacks have tended to be swept under the table, and in a lot of cases never got out of the IT department. Maybe some folks were disciplined and security holes were plugged but that was all.
But the rules of the game have changed in the last couple of years.
It started with the success and ubiquity of e-commerce. Today you can buy almost anything electronically. Which means that individuals now have two very separate identities - whether they want them or not;
- A physical identity, which is usually validated against a government issued ID, i.e. drivers license. And
- An electron identity, which is usually validated against "issued" data elements i.e. Social security number, account number, credit card number, personal ID number, etc.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.