Research Report
Managed Security Services
Fortunately, a number of solutions can mitigate the insider threat. Products that monitor behavior and provide anomaly detection are key. Focusing on access management, specifically Privileged Identity Management (PIM), is an important step towards preventing data breaches. And an organization can go a long way towards an effective defense against malicious insiders by implementing a complete data lifecycle management (DLM) approach.

About this report
This report was created by the IBM Managed Security Services Threat Research group, a team of experienced and skilled security analysts working diligently to keep IBM clients informed and prepared for the latest cybersecurity threats. This research team analyzes security data from many internal and external sources including event data, activity, and trends sourced from tens of thousands of endpoints managed and monitored by IBM for Managed Security Services accounts around the globe.

Motivations and methods
What motivates an insider to commit a crime against a company? Often the breach is unintentional: there's no malicious objective, just carelessness on the part of the employee. The 2015 IBM Cyber Security Intelligence Index reports that 55 percent of attackers are insiders, and of those, nearly half are inadvertent actors. According to the Privacy Rights Clearinghouse (PRC), there have been over 29 million records compromised by unintended disclosure breaches during the past ten years (2005-2014) in the United States and 32 million records compromised intentionally by insiders with legitimate access to sensitive information. Unintended disclosure can come in the form of accidentally posting information on the company's public-facing website, improperly disposing of clients' records, or sending information to the wrong party via fax, mail or email.

While the statistics around unintended disclosure are unsettling, this avenue of compromise can be mitigated quite effectively through stricter policy controls and improved user education. Malicious insiders are another story; people who want to purposefully take advantage of the company they work for can be very dangerous. They're harder to thwart because they go to extraordinary measures to circumvent access controls and aren't concerned with corporate policies or the potential consequences of their actions.
Battling security threats from within your organization
The sharp downturn of insider threats in 2014 following an upsurge during the four previous years is curious, but not without explanation. The influence of the recession beginning in December 2007 appears to have continued for several years after its official end in June of 2009. As noted in Chart Book: The Legacy of the Great Recession, "The relatively modest pace of job growth over most of the recovery kept the unemployment rate high long after the end of the recession," [2] and during those years, the hardships of job loss or pay cuts may have tempted normally upstanding individuals to break the law. It's also probable that in times of economic downturn, criminal gangs capitalize by stepping up their efforts to bribe insiders into committing fraud or leaking confidential information. When the unemployment rate in the United States dropped to under six percent in 2014 (for the first time since 2008, before the recession began), those negative incentives pushing insider breaches probably lost some of their power.

Another reason for the decline in reports of both unintended disclosure and malicious insider incidents may be that although incidents might still be happening and even increasing, they're not being reported. Most companies don't want to air their dirty laundry and tend to keep internal matters internal; if they're not mandated to report an incident, they won't. Internal incidents can lead to human resource actions, and a company's legal team is usually very cautious about any action that might involve external third-party vendors. They're unwilling to prosecute because once they do, everything becomes public information. They might even have to turn company material over to a non-friendly law enforcement or government entity in another country.

Industries targeted
Among industries targeted, the government and military institutions have been by far the most seriously affected by unintended disclosure, with nearly 20 million records compromised between 2005 and 2014 (see Figure 2). But given this sector's secretive nature, underreporting is more than likely and the real number may be much higher. The general business category is in distant second place with less than 5 million records compromised. Across all industries, just over 29 million of the nearly 736 million records reported as compromised fall into the unintended disclosure category.

Not surprisingly, finance and insurance was the sector most seriously affected by intentional insider breaches, accounting for 88 percent of all records reported compromised in this way (Figure 3). These institutions house a wealth of profitable information for insiders looking to capitalize on their position within the company. Unlike the unintended disclosure category, government and military institutions ranked a distant second in intentional disclosures.
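Records compromised by unintended disclosure, by industry (Figure 2):
Finance and insurance: 1,280,711
Retail/merchant: 208,756
Educational: 1,865,525
Government/military: 19,413,391
Healthcare: 1,559,363
Nonprofit: 1,441

Records compromised by intentional insider breaches, by industry (Figure 3):
Finance and insurance: 29,128,245
Retail/merchant: 84,960
Educational: 187,820
Government/military: 1,048,866
Healthcare: 685,610
Nonprofit: 1,000,317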
That last item is often the hardest to address. Custom, build-it-yourself malware toolkits are easily acquired, so organizations would be wise to take hosts used by former employees offline immediately. A backup should be made on an external storage device and the host completely rebuilt from trusted media before being reconnected to the network and passed on to another employee. Host intrusion monitoring is the key to ensuring that devices are behaving as expected.

An organization's data is one of its most vital assets. A comprehensive encryption strategy should be applied to protect confidential information and maintain compliance. Protecting data involves covering all the bases (data at rest, in transit and in use), and special attention should be paid to how information is disposed of. Also, a comprehensive security strategy to prevent insider threats needs to address physical security requirements. Deploying a digital video surveillance system or employing a security guard should help reduce physical threats. A complete data lifecycle management (DLM) approach including data loss prevention (DLP) software is essential both to guard against insider threats and to address government and industry compliance requirements.

If an organization has in place a comprehensive security solution that incorporates the mitigating tactics noted in this report, it has taken the important steps to protect itself against insider threats. At a minimum, corporations should be able to spot such threats quickly and respond before too much damage is done.

Protect your enterprise while reducing cost and complexity
From infrastructure, data and application protection to cloud and managed security services, IBM Security Services has the expertise to help safeguard your company's critical assets. We protect some of the most sophisticated networks in the world and employ some of the best minds in the business.

IBM offers services to help you optimize your security program, stop advanced threats, protect data and safeguard cloud or mobile. With IBM Managed Security Services, you can take advantage of industry-leading tools, security intelligence and expertise that will help you improve your security posture, often at a fraction of the cost of in-house security resources.

About IBM Security
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force research and development, provides security intelligence to help organizations holistically protect their people, infrastructures, and data and applications, by offering solutions for identity and access management, database security, application development, risk management, endpoint management, network security and more. IBM operates one of the world's broadest security research, development and delivery organizations, monitors 15 billion security events per day in more than 130 countries, and holds more than 3,000 security patents.
The Real Story of Stuxnet, IEEE Spectrum
http://spectrum.ieee.org/telecom/security/the-real-story-of-stuxnet

Lance Mueller, Senior Incident Response Analyst
Nick Bradley, Practice Lead, Threat Research Group
IBM Corporation
IBM Security
Route 100
Somers, NY 10589
IBM, the IBM logo, ibm.com, QRadar and X-Force are trademarks of
International Business Machines Corp., registered in many jurisdictions
worldwide. Other product and service names might be trademarks of
IBM or other companies. A current list of IBM trademarks is available on
the Web at "Copyright and trademark information" at
ibm.com/legal/copytrade.shtml
[1] Ponemon Institute, 2015 Cost of Data Breach: Global Analysis. http://www.ibm.com/security/data-breach
[2] Chart Book: The Legacy of the Great Recession. http://www.cbpp.org/cms/index.cfm?fa=view&id=3252
SEL03036-USEN-00