Ever think someone could come to work for your company, become disgruntled and sabotage your business? If not, think again.
Insider threats and cyber attacks are becoming more and more common, and they can be very hard to trace.
Randy Trzeciak with the U.S. Computer Emergency Readiness Team (CERT) Program at Carnegie Melon University shared analyses from various types of cyber crimes, including IT sabotage and fraud, at the Chemical Sector Security Summit earlier this month in Baltimore. The event was co-sponsored by the Department of Homeland Security and SOCMA.
During his presentation Trzeciak described patterns that are evident in insider threats, so attendees could recognize the behavior in their own organizations and implement effective countermeasures. Sadly, these individuals are hard to detect until the damage is already done.
Why do people do such things? It can be as simple as a person coming to work for your company with expectations, and for one reason or another, they become disappointed when the company doesn’t live up to them. That’s when they set up a plan of attack.
People who commit IT sabotage are technically sophisticated and use the company network system of data to disrupt service or sabotage the company. As for fraud, Trzeciak said most cases involve long, ongoing schemes, and many of the employees who carry them out have been with the company for years. He cited an example of a research scientist who defrauded a company by downloading 38,000 documents containing his company’s trade secrets before going to work for a competitor. The information was valued at $400 million.
Mitigation strategies to prevent these threats include sharing information across the organization, continuous logging, targeted monitoring and real-time alerts, Trzeciak said.
The summit also included a presentation by Fernando Keller, DHS/Intelligence and Analysis, who provided insight into threat developments in the homeland and chemical sector. Al Qaeda and its affiliates will continue to be a threat to U.S. security, seeking revenge for the death of Osama bin Laden, Keller said. Adding a layer of difficulty in preventing these terrorists from carrying out their agenda is the increase in U.S. citizens involved in these attacks.
And one of the most fascinating presentations came from Dr. Kirk Yeager and Kieran Smith with the FBI, both experts in explosives and chemical weapons, who presented a synopsis of terrorist threats utilizing commercial chemicals and discussed recent cases where attacks were prevented and the lessons they learned. It’s scary to know that people go online to learn how to make a bomb, and most of them purchase the chemicals they need to make those bombs in stores we visit every day.
To read more about the Chemical Sector Security Summit or to listen to podcasts with a DHS official, click here.
For photos from the summit, click here.
For more information on the summit, contact Alexis Rudakewych at (202) 721-4198 or Christine Sanchez at (201) 721-4182.
By guest blogger Jenny Gaines, Assistant Manager, Public Relations and Media
Copyright © ADT Security Services, Inc. 2011 - All Rights Reserved. Legal Disclaimer - Some of the individuals posting to this site, including the moderators, work for ADT Security Services, Inc. Opinions expressed here and in any corresponding comments are the personal opinions of the original authors, not of ADT Security Services, Inc. The content is provided for informational purposes only and is not meant to be an endorsement or representation by ADT Security Services, Inc. or any other party. This site is available to the public. No information you consider confidential should be posted to this site. By posting you agree to be solely responsible for the content of all information you contribute, link to, or otherwise upload to the Website and release ADT Security Services, Inc. from any liability related to your use of the Website. You also grant to ADT Security Services, Inc. a worldwide, perpetual, irrevocable, royalty-free and fully-paid, transferable (including rights to sublicense) right to exercise all copyright, publicity, and moral rights with respect to any original content you provide. The comments are moderated. Comments will appear as soon as they are approved by the moderator.