Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft Paperback – Mar 1 2006
|New from||Used from|
No Kindle device required. Download one of the Free Kindle apps to start reading Kindle books on your smartphone, tablet, and computer.
Getting the download link through email is temporarily not available. Please check back later.
To get the free app, enter your mobile phone number.
About the Author
Dr. Eric Cole is an industry recognized security expert, technology visionary and scientist, with over 15 year’s hands-on experience. Dr. Cole currently performs leading edge security consulting and works in research and development to advance the state of the art in information systems security. Dr. Cole has over a decade of experience in information technology, with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Dr. Cole has a Masters in Computer Science from NYIT, and Ph.D. from Pace University with a concentration in Information Security. Dr. Cole is the author of several books to include Hackers Beware, Hiding in Plain Site, Network Security Bible and Insider Threat. He is also the inventor of over 20 patents and is a researcher, writer, and speaker for SANS Institute and faculty for The SANS Technology Institute, a degree granting institution.
Most Helpful Customer Reviews on Amazon.com (beta)
Insider Threat is unlike other threat-centric books published by Syngress. Inside the Spam Cartel, for example, is written by an anonymous spammer. Software Piracy Exposed is written by a reporter who gained the trust of the pirate underground. Insider Threat is written by security consultants who have to deal with the consequences of internal attacks. The real-world component appears in chapters 3-7, where case studies are presented. Some of these case studies feature comments from the perpetrators, but none are interviews with the perpetrators. I would have liked to have seen some first-hand reporting on these individuals, as appeared in Software Piracy Exposed.
Outside of the case studies, the advice in Insider Threat is sound. I was very glad to see the authors' insistence on monitoring and the recognition that prevention eventually fails. I would have liked to have seen a fictional case study showing how an internal attack was detected, tracked, and then thwarted using the authors' recommendations.
With respect to the authors' commentary and suggestions, that material seemed internally repetitive and spread thinly throughout the book. The book could really be reduced to 7 chapters, plus my recommended new case study: (1) intro to inside threat; (2-6) current chapters 3-7; (7) fictional case study; (8) recommendations to counter inside threat.
Incidentally, I agree with Thomas Duff's earlier comments. Combining better internal presentation with reorganization of material would make for a strong second edition of Insider Threat.
Part 1 - Insider Threat Basics: What Is There to Worry About?; Behind the Crime
Part 2 - Government: State and Local Government Insiders; Federal Government
Part 3 - Corporations: Commercial; Banking and Financial Sector; Government Subcontractors
Part 4 - Analysis: Profiles of the Insider Threat; Response - Technologies That Can Be Used to Control the Insider Threat; Survivability
Through the use of a very large number of stories and examples, Cole and Ring explore the (unfortunately) large number of ways in which your company or organization can be compromised by "insiders", people who you would consider to be trusted. It's one thing to make sure the grounds are secured and the computer systems are protected from outsiders. But what happens when the top sales guy decides to move to the competition and takes his client list with him? What about the cleaning crew who has full run of the office when nobody is there to watch them? And my favorite... the disgruntled computer guru who decides to teach the company a lesson on his way out the door. These threats are very real, and perhaps even more damaging than the threats you normally think about from the outside.
While I generally like the content and material they present here, I think the book suffers from poor editing and layout. There are few illustrations or diagrams to break up lengthy sections of text, and the amount of white space seems to be pretty low. I'm also not fond of how the bulleted points are handled. You'll be reading along and come to a point with four bulleted items. Each item is then given a paragraph header and a few pages. By the time you make it through those bullet points, you've lost the flow of what led up to them. I also felt like I had to read quite a ways through the book before I started to learn how to set up a system to guard against insider threats. There are plenty of examples of threats along with quick points about how to mitigate them, but there didn't seem to be much in the way of a comprehensive "bringing together" of the information into some sort of a framework. By the time I got to what resembled that at the end, I was a bit worn out...
The subject matter is good, and the points made in the book need to be considered and followed. Your company can easily be wiped out if you aren't careful. I just which the book had been laid out better for the reader...
The retail and gambling sectors have long understood the danger of the insider threat and have built their security frameworks to protect against both the insider and the outsider. Shoplifters are a huge bane to the retail industry, exceeded only by thefts from internal employees behind the registers. The cameras and guards in casinos are looking at both those in front of and behind the gambling tables. Casinos understand quite well that when an employee is spending 40 hours a week at their location dealing with hundreds of thousands of dollars; over time, they will learn where the vulnerabilities and weaknesses are. For a minority of these insiders, they will commit fraud, which is invariably much worse than any activity an outsider could alone carry out.
Insider Threat is mainly a book of real-life events that detail how the insider threat is a problem that affects every organization in every industry. In story after story, the book details how trusted employees will find weaknesses in systems in order to carry out financial or political attacks against their employers. It is the responsibility to the organization to ensure that their infrastructure is designed to detect these insiders and their systems resilient enough to defend against them. This is clearly not a trivial task.
The authors note that the crux of the problem is that many organizations tend to think that once they hire an employee or contractor, that the person is now part of a trusted group of dedicated and loyal employees. Given that many organizations don't perform background checks on their prospective employees, they are placing a significant level of trust in people they barely know. While the vast majority of employees can be trusted and are honest, the danger of the insider threat is that it is the proverbial bad apple that can take down the entire tree. The book details numerous stories of how a single bad employee has caused a company to go out of business.
Part of the problem with the insider threat is that since companies are oblivious to it, they do not have a framework in place to determine when it is happening, and to deal with it when it occurs. With that, when the insider attack does occur, which it invariably will, companies have to scramble to recover. Many times, they are simply unable to recover, as the book details in the cases of Omega Engineering and Barings Bank.
The premise of Insider Threat is that companies that don't have a proactive plan to deal with insider threats will ultimately be a victim of insider threats. The 10 chapters in the book expand on this and provide analysis to each scenario described.
Chapter 1 defines what exactly insider threats are and provides a number of ways to prevent insider threats. The authors note that there is no silver bullet solution or single thing that can be done to prevent and insider threat. The only way to do this is via a comprehensive program that must be developed within the framework of the information security group. Fortunately, all of these things are part of a basic information security program including fundamental topics like security awareness, separation and rotation of duties, least privilege to systems, logging and auditing, and more.
The irony of all of the solutions suggested in chapter one is that not a single one of them is rocket science. All of them are security 101 and don't require any sort of expensive software or hardware. Part of this bitter irony is that companies are oblivious to these insider threats and will spend huge amounts of money to protect against the proverbial evil hacker, being oblivious to the nefarious accounts receivable clerk in the back office that is draining the coffers.
One example the book provides is that many companies feel they are safe because they encrypt data. An excellent idea detailed in chapter two is to set up a sniffer and examine the traffic on the internal network to ensure that the data is indeed encrypted. The reliance on encryption will not work if it is not setup or configured correctly. The only way to know with certainty is to test it and see how it is transmitted over the wire. Many companies will be surprised that data that should be unreadable is being transmitted in the clear.
Some of the suggestions that authors propose will likely ruffle some feathers. Ideas such as restricting Internet, email, IM and web access to a limited number of users may sound absurd to some. But unless there is a compelling business need for a user to have these technologies, they should be prohibited. Not only will the insider threat threshold be lowered, productivity will likely increase also.
The author's also suggest prohibiting iPods or similar devices in a corporate environment. The same device that can store gigabytes of music can also be used to illicitly transfer gigabytes of corporate data.
Insider Threat provides verifiable stories from every industry and sector, be it commercial or government. The challenge of dealing with the insider threat is that it requires most organizations to completely rethink the way they relate to security. It is a challenge that many organizations would prefer to remain obvious to, given the uncomfortable nature of the insider threat. But given that the threats are only getting worse, ignoring them is inviting peril.
The only lacking of the book is that even though it provides a number of countermeasures and suggestions, they are someone scattered and written in an unstructured way. It is hoped that the authors will write a follow-up book that details a thorough methodology and framework for dealing with the insider threat.
Overall, Insider Threat is an important work that should be required reading for every information security professional and technology manager. The issue of the insider threat is real and only getter worse. Those that choose to ignore it are only inviting disaster. Those companies that will put office supplies and coffee under double-lock and key, while doing nothing to contain the insider threat are simply misguided and putting their organization at risk.
Insider Threat is a wake-up call that should revive anyone who doubts the insider threat.
I have had the opportunity to hear one of the authors speak at a recent security event. The speaker correctly addressed that the largest security threat to any company is from the insider-the one with all the access.
A cyber or network catastrophe is one disgruntled employee away. The speaker gave example after example of former employees who felt both an ownership of the product and a significant employer betrayer. This and their access to sensitive information have allowed and opportunity to steal customer information, sabotage networks or software, or sell data to competing companies.
They recommend rightly that Security managers should focus efforts on protecting proprietary and identity revealing information. This protection should include protecting trade secrets, establishing good termination procedures, learning to recognized disgruntled employees, use password protection and realizing that with networks and internet, an outside threat could easily become an inside threat.
I look forward to learning more from this book and applying it to my business.
Insider's Guide to Security Clearances
ISP Certification-The Industrial Security Professional Exam Manual or How to Prepare for and Pass the Industrial Security Professional Certification Exam
Look for similar items by category
- Books > Business & Investing
- Books > Computers & Technology > History & Culture > Manager's Guides to Computing
- Books > Computers & Technology > Internet & Social Media > Hacking
- Books > Computers & Technology > Networking & Cloud Computing > Network Security
- Books > Computers & Technology > Web Development > Security & Encryption > Encryption
- Books > Textbooks > Computer Science & Information Systems > Computer Science