Most insider attacks are planned well in advance by former employees intent on revenge, according to a study released by the U.S. Secret Service and the Carnegie Mellon Software Engineering Institute’s CERT.
The report is the second Insider Threat study by the Secret Service and CERT. Funded partly by the Department of Homeland Security, the studies aim to gain a better understanding of how insider attacks affect data systems in the nation’s critical infrastructure sectors.
The recent report studied 49 cases between 1996 and 2002. In all of the cases, the insider tried to sabotage the organization or harm a specific person.
The study showed:
- A negative work-related event triggered most of the insider attacks.
- Sixty-two percent of the incidents were planned in advance.
- Eighty percent of the insiders exhibited unusual behavior in the workplace before carrying out their attacks.
- Fifty-seven percent exploited vulnerabilities in applications or processes.
- Most attacks were carried out via remote access.
- Insider attacks caused financial losses in 81 percent of the organizations affected and damaged business reputations in 28 percent of the cases.
The report outlines steps companies can take to prevent such attacks, including disabling network access upon employee termination, establishing a formal grievance procedure for employees, and enforcing comprehensive password policies.