Non-malicious insiders: The biggest insider threat of all?Date: Jul 29, 2014
There's little question that malicious insiders pose a clear and present threat to enterprise information security, but according to one of the industry's top experts on insider threats, non-malicious insiders can be equally dangerous.
Randy Trzeciak, director of the Software Engineering Institute's CERT Program at Carnegie Mellon University, said his team has conducted extensive research looking for patterns of behavior from non-malicious insiders that may cause harm to an organization.
In this video interview, recorded at the 2014 RSA Conference, Trzeciak discusses the five common patterns of insiders who harm organizations even though they lack malicious intent.
Intentionally malicious insiders are a significant risk as well, and Trzeciak discusses SEU CERT's federally funded research and development center's efforts to identify both technical and non-technical patterns of behavior to give enterprises insight into how insider threats evolve over time and what organizations can do to detect and respond to them.
Surprisingly, Trzeciak said software developers often rank among the most dangerous insiders.
"We have a number of cases that we've analyzed where malicious coders or developers have introduced vulnerabilities that were used to harm the organization," Trzeciak said, "either before or after they left the organization."
Finally Trzeciak discusses whether enterprises should implement industry-specific insider threat detection controls, and the emerging category of tools to identify suspicious insider activity.
Expert Kevin Beaver reveals five common insider threats and how to mitigate them.
In this Security School lesson, Dawn Cappelli offers practical strategies to mitigate insider threats.