December 26, 2005
Book Review: Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft
Organizations tend to think that once they hire an employee or a contractor, that person is now part of a trusted group of people. Although an organization might give an employee additional access that an ordinary person would not have, why should it trust that person? If competitors or similar entities want to cause damage to an organization, steal critical secrets, or put a company out of business, they just have to find a job opening, prep someone to ace the interview, and have that person get hired. Depending on their objectives and patience, companies may never know they've been compromised.
Amy Pedersen, Vice President of Syngress Publishing said, "The threat is real and Dr. Cole and Ms. Ring have the case studies to prove it. Insider Threat profiles threats from state and federal government, commerce, banking and financial sectors, and contractors."
Inside the book coverage:
-Don't Underestimate Your Opponent
Most large insider attacks are well-orchestrated conspiracies, often
involving your major competitors and, at times, foreign governments.
-Factor in the Real Financial Risk of an Insider Attack
In the case of one pharmaceutical company, annual losses from one attack
were estimated at $350M annually.
-Understand the Key Technologies Used By Insiders
Methods of attack include steganography, encryption, and information
extraction.
-Master the Art of Patience
The first sign of insider threat is usually the tip of the iceberg;
surveillance over time will reveal the entire conspiracy.
-Put the Technology to Work
Tools include mole detection, profiling, monitoring, anomaly detection,
signature analysis, and die pad for data.
-Define an Acceptable Level of Loss
Why Insider Threat analysis should include anticipation of an acceptable
level of loss.
-Implement Successful Screening Techniques for New Hires
Most organizations do not require background checks. Do you know what
tip-offs to look for when hiring?
-"Trust No One, Suspect Everyone" Becomes an Essential Mind-Set
Detecting and determining the source of insider threats mean entering a
state of constructive paranoia.
-Protect Your Most Important Intellectual Property Assets
Access to strategically important formulas, data, and business plans must
be restricted and reviewed regularly.
Get Small Business Technology Report
Via Email Every Tuesday
What is Smallbiztechnology.com?
Smallbiztechnology.com helps small-medium sized businesses strategically use technology as a tool to grow their businesses and provides news, articles, discussion boards, resources, analysis & events for the owners of small to medium sized busineses.
Subscribe to the Smallbiztechnology feed.
Recent Posts
- Windows Home Server - For Home Based Businesses With Small Networks
- LinkedIn: It's Much More Powerful Than You Think
- Is Email Keeping You Down. An IBMer Skips Email for Social Tools
- Keep Your Laptop Bagged At the Airport: NEW TSA Rules
- As Gas Goe$ Up, Use Technology To Communicate
- Why Open Source Works, Tech Partners Are Essential and ERP Is a Must
- Data Ownership, Access and Location. It's A Mystery.
- Are Your Files and Emails Secure Enough?
- SaaS Spells Relief for Small Business
- Email Marketing: Why More Of You Don't Do It
The Third Annual Small Business Summit 2008 was a smashing success. Check out the Summit site for what you missed. See the 2008 Summit presentations, video and photos!
Post a comment