Feature
SKILLS
Catching the cuckoo While many organisations have good risk management systems for detecting threats from outside, fewer are prepared to deal with the actions of malicious insiders BY RYAN MEEKS
I
magine you are an IT technician within a large corporate organisation, tasked with conducting a routine audit of the company’s key servers. As you start sifting through, you begin to notice anomalies, strange indicators and unusual activity. You realise that the system is infected with a logic bomb that has been deleting key files and sending sensitive information through backdoor accounts for months. The scale and complexity of the attack is not immediately apparent, but the implications to the organisation are potentially crippling. How did it get there? How did it go unnoticed for so long? Who did it? While it may not be immediately clear, you soon realise that such an intricate and obscured attack was not perpetrated from the outside, but originates from a much more concealed and intelligent adversary: the malicious insider – a cuckoo’s egg in the midst of the organisation’s nest. Insider threats are defined as attacks to an organisation from the people within it. These could be permanent or temporary employees, or even part of the supply chain, but generally have access to the organisation’s critical systems, assets and information. Contrary to common belief, malicious insiders do not typically enter an organisation with harmful intentions, but are subject
30
The malicious insider is like a cuckoo’s egg in the midst of the organisation’s nest
Enterprise Risk