
Insider Trading Case Emerges From Privileged Access Abuse

Imperva : 04 April, 2011  (Technical Article)
Imperva comments on the data access rights implications of the insider trading case involving a US chemist.

A Food and Drug Administration (FDA) chemist and his son were charged yesterday with insider trading. The chemist had been granted access to a database holding confidential data on drug approval reviews. He then abused these privileges to purchase, in advance, stock of the companies granted approval. According to the report, the chemist profited by $3.6 million.


Noa Bar-Yosef, Imperva’s Senior Security Strategist, comments, “It’s only March but it seems 2011 is shaping up to be the year of the Insider. Wikileaks was just the tip of the iceberg. But low and mid-level employees have caused enterprises serious harm.”


Bar-Yosef continues, “When discussing data theft, we usually talk about hackers penetrating the networks of a company. However, we need to also consider the insider threat – people who are granted, by the employer, access to the organization’s sensitive data. It is not clear whether the chemist had to access those documents in order to perform his job or whether he was mistakenly granted access to documents he should not have had permission to view (i.e. excessive privileges). It does not matter. The result in this case is the same. The employee abused his privileges for an unfair advantage.”


Noa’s advice would be:


At first glance this seems like a lost case – maintaining and keeping control of an access control list across all the organization seems a nearly impossible task. So how would you be able to protect against such an individual who to begin with has access privileges to the document? Let’s consider behavioural analysis. An automated process could learn the behaviour of an individual and construct a profile based on certain parameters such as:


What data was accessed and was it necessary to perform the job?


How many times a file, or a certain database table, was accessed?


When was the data accessed and how much data was viewed or removed?


Any deviation from this profile, or any access above a certain threshold limit, should raise an alarm.


Bar-Yosef concludes, “The chemist was eventually caught: ‘He was allegedly recorded by security software early this year accessing a confidential database on drug applications’. This is an example of how the access control works. A move outside of the normal required behaviour should sound the alarm. It’s just a shame that in this case it took the FDA five years to figure this one out. Had controls been put up sooner they would have saved themselves a lot of embarrassment.”
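
The behavioural profiling described in the advice above can be sketched as follows. This is an added example, not code from Imperva or from the article: it learns a per-user profile (tables used, usual hours, row volume, daily access count) from baseline audit records and flags deviations. The user, table names, records and thresholds are all constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed audit records: (user, table, ISO timestamp, rows returned).
BASELINE = [
    ("alice", "lab_results", "2011-03-01T09:15", 40),
    ("alice", "lab_results", "2011-03-01T14:02", 55),
    ("alice", "lab_results", "2011-03-02T10:30", 35),
    ("alice", "lab_results", "2011-03-03T11:45", 50),
    ("alice", "sample_inventory", "2011-03-03T16:20", 20),
]
NEW_EVENTS = [
    ("alice", "lab_results", "2011-03-04T10:05", 45),
    ("alice", "approval_reviews", "2011-03-04T10:40", 30),
    ("alice", "lab_results", "2011-03-04T23:50", 900),
] + [("alice", "sample_inventory", "2011-03-05T13:%02d" % m, 20) for m in range(5)]

def build_profile(records):
    """Learn, per user: tables used, hours of activity, row volumes, accesses per table per day."""
    raw = defaultdict(lambda: {"tables": set(), "hours": set(), "rows": [], "daily": Counter()})
    for user, table, ts, rows in records:
        t, p = datetime.fromisoformat(ts), raw[user]
        p["tables"].add(table)
        p["hours"].add(t.hour)
        p["rows"].append(rows)
        p["daily"][(table, t.date())] += 1
    return dict(raw)

def detect(profile, events, sigma=3.0, count_factor=2):
    """Return (event, reasons) for each event that deviates from the user's profile."""
    alerts, seen = [], Counter()
    for ev in events:
        user, table, ts, rows = ev
        t, p = datetime.fromisoformat(ts), profile.get(user)
        if p is None:  # unknown user: nothing to compare against, so alert
            alerts.append((ev, ["no baseline for user"]))
            continue
        seen[(user, table, t.date())] += 1
        checks = [  # usual hours are simplified to the min..max hour seen in the baseline
            (table not in p["tables"], "table not in baseline"),
            (not min(p["hours"]) <= t.hour <= max(p["hours"]), "outside usual hours"),
            (rows > mean(p["rows"]) + sigma * max(pstdev(p["rows"]), 1.0), "row volume above threshold"),
            (seen[(user, table, t.date())] > count_factor * max(p["daily"].values()), "access count above threshold"),
        ]
        reasons = [label for hit, label in checks if hit]
        if reasons:
            alerts.append((ev, reasons))
    return alerts
```

Calling `detect(build_profile(BASELINE), NEW_EVENTS)` flags the access to a table outside the baseline, the late-night bulk read, and the fifth same-day read of one table, while the routine accesses pass without an alert.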
