Confronting the insider threat.

摘要

Insider attacks have historically been, and will continue to be, a threat to organizations of all types. This issue is important because it can affect almost any type of business. Unfortunately, organizations have generally focused more on preventing the external threats to their networks, and done little to recognize or deter attacks originating from within. With the proper training of the workforce and the implementation of effective countermeasure, the threat of insider attacks can be considerably reduced. The purpose of this research project was to draw attention to the problem of insider threat and highlight methods for reducing the risk of such attack. First, a definition of insider threat was established. Then, specific characteristics and motives of an insider threat in order to better identify and anticipate future occurrences of an insider threat were examined, in order to better anticipate or recognize future occurrences of an insider threat. This was followed by descriptions of possible indicators of an active insider attack and reasoning behind such actions. Next, practical countermeasures and procedures were detailed, to suggest possible ways businesses could deter or prevent an attack on their networks by an insider threat. Additionally, some actual cases of insider threat were examined, demonstrating some of the traits and indicators of those cases. Finally, key findings and specific recommendations are provided in the conclusion of this paper.;Keywords: Cybersecurity, Professor Albert Orbinati, Walker, Snowden, CERT, espionage, Intellectual Property theft.