Not An Isolated IncidentBy Lawrence Walsh | Posted 2008-01-28 Email Print
Jerome Kerviel’s fraudulent activity cost the French bank $7.2 billion and reminds us all that technology isn’t always the solution to preventing major security breaches.
Sadly, this isn’t an isolated incident. According to the 2007 Computer Security Institute survey, roughly six in 10 enterprises reported a security breach by inside users. Enterprises stood a better chance of suffering an insider attack than having computers and networks compromised by viruses and worms, according to the survey.
Insider attacks long have been the more dangerous and destructive attacks, since they’re difficult to detect and prevent because of the users trusted access. Prior to regulations such as Sarbanes-Oxley and
- Timothy Lloyd (1996): Knowing that he was on the verge of being fired from his job at Omega Engineering in
- Robert Hanssen (2001): the disgraced FBI agent—passed over several times for promotion—used his expert knowledge and access to steal counter-espionage and foreign intelligence data to sell to the Russians. The full extend of the damage he caused to national security over two decades may never be known, but the information he leaked did cost the lives of foreign operatives who’s identities were compromised.
- Certegy “anonymous” database admin (2007): Details of this case are still sketchy more than six months after coming to light, but a database administrator charged with controlling access to check-cashing transaction data used his inside knowledge to steal bank account numbers and submit his own transactions. More than 8.5 million bank and credit card accounts were compromised.
Yes, enterprises should implement security controls and monitor user activity for inappropriate and prohibited behavior. Yes, enterprises should have defined segmentation and separation of duties for their employees to ensure no one user can gain access to all digital jewels. And yes, enterprises should routinely audit user accounts to ensure policy compliance.
And despite these precautions, the trusted insider will remain the most dangerous threat to enterprise security. No matter the security precautions taken, the Societe Generale/Kerviel case proves once again that no amount of technology will stop a person who you trust with your company’s digital and financial assets.
Lawrence M. Walsh is editor of Baseline Magazine and a noted security journalist. Share your thoughts on insider threats and trusted users turned hackers at email@example.com.