In the second of a series of reports focusing on insider threats to information systems and data, the United States Secret Service and Carnegie Mellon Software Engineering Institute's Computer Emergency Response Team found that the majority of insiders who committed attacks were former, disgruntled employees.
"The power of a terminated employee with system administrator access should not be underestimated," said Dawn Cappelli, senior member of the technical staff with CERT. "Some organizations completely neglect disabling access upon termination. Others go through the steps to disable access, but the insider is able to find that one access control gap that was overlooked."
The study found that negative work-related events triggered most of the insiders' actions. Of the 49 incidents examined, 80 percent of the saboteurs exhibited unusual behavior in the workplace prior to taking action, while less than half (43 percent) had authorized access at the time of the incidents.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.