Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Recession fuels insider threat risk

Imperva : 23 October, 2009  (Technical Article)
Imperva comments on the recent arrest of a Ford employee for stealing confidential information in the context of the global increase in insider threats
The arrest of a former product engineer at Ford for stealing sensitive design documents worth millions of dollars is just one of many insider threats occurring on a regular basis nowadays, says Imperva, the data security specialist.

"As Personally Identifiable Information (PII), credit cards, and financial information become more commoditized on the black market, we're going to start seeing more attacks focused on sensitive data that is considered intellectual property - such as Ford's design documents. " said Brian Contos, Chief Security Strategist at Imperva.

"Insiders abound regardless of the state of the economy, however, in difficult economic times the number of insider attacks is known to increase. Malicious insider actions are often triggered by some type of crisis - personal, financial, or professional" he added.

According to Contos, the greatest threats are from the inside. Insiders can operate more quickly, easily, and with greater stealth than an outsider.

Insiders have two things outsiders don't: trust and access, he comments. This makes barriers to committing the crime less of a technical issue and more of an ethical one. Criminals know this, and they know the return on investment of recruiting an insider is better than an external attack: why hack when you can recruit.

While the case at Ford deals with sensitive data theft, consider attacks on critical infrastructure supported by nation-states or even terrorist organizations, he explained. The impact of a malicious insider is far more devastating than that of an external attacker.

Never before has so much information been so easily accessible by so many, added Contos. This in combination with a difficult economic environment is a perfect storm for malicious insiders.

"Unfortunately the actions Xiang Dong Yu (aka Mike Yu) aren't that dissimilar from other high profile incidents of insider threat where millions of dollars worth of intellectual property were stolen and given to competitors" explained Contos.

Some examples include:

* A Chinese national—a programmer at Ellery Systems in Boulder Colorado transferred proprietary source code to a Chinese competitor Beijing Machinery. Subsequently, foreign competition directly attributed to loss of the source code drove Ellery Systems into bankruptcy. This incident was partially responsible for the 1996 Economic Espionage Act.

* Yonggang (Gary) Min plead guilty to stealing $400 million in trade secrets from DuPont in 2006 after ten years as a research chemist with the intention of bringing it to a competitor.

* Three Coca-Cola employees were charged with stealing confidential information and samples of a new drink and trying to sell them to Pepsi.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo