Insiders or Outsiders?

Solutionary Minds - Your Information Security Blog Source


Posted by Jon Heimerl on Tue, Jan 24, 2012 @ 08:33 AM
  
  
  
  
Being a security geek, I was talking about Internet security with a friend, and they asked me “What was the biggest break-in that you personally worked on?” That is actually an easy question. I worked with a company that had fallen prey to a series of attacks that included a literal infestation of dozens of servers across several geographic locations. Despite our guidance, they felt that they could not really take their environment offline to purge their environment, so last I heard, some years later, they were still fighting off re-infections.

But, maybe that was not the real question. As far as we were able to tell, the attackers were using the servers as bots and storage. We were never able to tell that they had actually stolen anything, or cost the company anything other than time, and considerable bandwidth. So, maybe the real question should have been “what was the worst security incident with which I had ever been involved?”

Well, that is an easy question too. It was a case of internal fraud. An employee was generating fake invoices and approving payments, to the tune of millions (and millions) of dollars. Millions. And the fraud was found by accident. Another employee was tracking down a mis-paid invoice, and literally stumbled across a series of invoices. He recognized the address, and absolutely knew that there was no such company at that address. A little investigation showed that the same person had submitted and approved every invoice, and when they added up the amounts organizational management nearly stroked out. Immediate account revocation and termination followed, with charges filed pretty much the same day.

The issue was not a “break-in”, but an internal abuse of authorized access. “They” tell us that we should worry more about internal threats than we should the wily hacker. No one wants to. We don’t want to think that the guy we sit next to, that we eat lunch with, that we argued over resources with, that we held the elevator door for, is “the bad guy”. They might be. They probably are not, but they might be. And we have to keep that in mind when we look at our environment, because we really do have to worry about the internal threat.

Keep that in mind, and try to make it to our January 24 eSymposium on Insiders with access.

 

