Speaker: Randall Trzeciak
Cyber crimes committed by malicious insiders continue to represent one of the most significant threats to networked systems and data. It is important to consider the insider threat perspective when developing policies and procedures for responding to cyber security events.
Since 2001 CERT's insider threat team has built an extensive library and comprehensive database containing hundreds of actual cases of insider cyber crimes. This presentation will focus on three primary types of insider cyber crimes: IT sabotage, theft of intellectual property (e.g. trade secrets), and employee fraud. For each type of crime, a "crime profile" will be presented which describes who committed the crimes, their motivation, organizational issues surrounding the incidents, methods of carrying out the attacks, impacts, and precursors that could have served as indicators to the organization in preventing the incident or detecting it earlier. Insight will be provided regarding the technical means and methods used by malicious insiders including where to gather data on insider activity for event reconstruction. We will convey the "big picture" of the insider threat problem - the complex interactions, relative degree of risk, and unintended consequences of policies, practices, technology, insider psychological issues, and organizational culture over time. Each crime profile will describe the patterns evident in the crimes so that attendees can recognize these patterns in their own organizations, and implement effective countermeasures to mitigate the threat.
Attendees will leave with an understanding of the scope of the insider threat problem, patterns to watch for that could signify increased risk, and proactive measures that they can put into place for prevention and detection of insider threats. Actual cases will be presented throughout the presentation to provide concrete examples and lessons learned.