In the second of a series of reports focusing on insider threats to information systems and data, the United States Secret Service and Carnegie Mellon Software Engineering Institute's Computer Emergency Response Team found that the majority of insiders who committed attacks were former, disgruntled employees.
"The power of a terminated employee with system administrator access should not be underestimated," said Dawn Cappelli, senior member of the technical staff with CERT. "Some organizations completely neglect disabling access upon termination. Others go through the steps to disable access, but the insider is able to find that one access control gap that was overlooked."
The study found that negative work-related events triggered most of the insiders' actions. Of the 49 incidents examined, 80 percent of the saboteurs exhibited unusual behavior in the workplace prior to taking action, while less than half (43 percent) had authorized access at the time of the incidents.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- All PropertyCasualty360.com news coverage, best practices, and in-depth analysis.
- Educational webcasts, resources from industry leaders, and informative newsletters.
- Other award-winning websites including BenefitsPRO.com and ThinkAdvisor.com.
Already have an account? Sign In
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
