The goals of this paper are to review and analyze selected cybercrime events in which the actors behind the data breaches are insiders, and to recommend a common set of actions which would have prevented or reduced successful criminal exploitation. Additionally, it will explain the security gaps that lead to the loss of valuable sensitive, protected, or confidential data, regardless of attacker intent. Malicious attacks are intentional, whereas negligent and accidental attacks are unintentional. Finally, this paper will present a framework to protect the confidentiality, integrity and/or availability of data from insider threats.

Who is an insider?

An insider is anyone who has active physical or logical access to a third-party company asset involving information systems. By this definition, examples of an insider include employees (i.e., CEO, janitor, etc.), former employees, contractors, business partners, or suppliers, if the party in question has active access to the third-party company’s asset (Kowalski et al., 2008; Insider Threat Defense Inc, 2017).

What are the insider threats and motives?

The primary threats posed by an insider involve the loss of valuable company data through his/her actions, regardless of intent.

‘Malicious’ action requires a motive to harm the company together with a conscious decision to act inappropriately (Kowalski et al., 2008). Examples include copying proprietary information such as intellectual property for personal gain, or leaking pending merger talks to a competitor company.

‘Negligent’ action is based on a conscious decision to act inappropriately, but without harmful motives. Examples include copying company proprietary information onto a personal thumb drive in order to work during the weekend to meet a project deadline or be more productive. Malicious insiders exploited business processes as often as they exploited technical vulnerabilities (Insider Threat Defense Inc, 2017).

‘Accidental’ action has neither a motive to harm nor a conscious decision to act inappropriately. Examples include emailing proprietary data to the wrong person, or falling victim to a phishing attack and installing malware on the company network. But repeated accidental actions could be considered ‘negligent’.