The Insider Threat – Identifying your Insiders
SiliconIndia Security Conference 2010, Bangalore, 2nd Oct
By Thiru A, Principal Consultant, Risk & Compliance, Security Services, MindTree Ltd.
Agenda: Insider Threat – Identifying your Insider. The Insider Problem – An Inconvenient Truth
“It is alarming that although most of the top 15 security policies and procedures from the survey are aimed at preventing insider attacks, 51% of respondents who experienced a cyber security event were still victims of an insider attack.
While outsiders (those without authorized access to network systems and data) are the main culprits of cybercrime in general, the most costly or damaging attacks are more often caused by insiders (employees or contractors with authorized access).
Loss of productivity, hence loss of business/revenue
Misuse of resources – leads to a slow-down in the availability of resources to others
Loss of sensitive, proprietary data and Intellectual Property
Reputational damage, Media & Public attention, etc.
Regulatory & Contractual non-compliance
Financial losses through fraud, litigation, penalties and so on
Sends wrong signals to other staff
Workplace conflicts, leading to indecision, inaction, etc.
Excuses and untreated Incidents can fuel insider threats to continue unabated
monitoring against compliance
Escalation & remediation
Metrics - Incidents, Vulnerabilities, Time taken for patching
With the best people, processes, controls & technologies we can manage external threats much better. Can we say that with the same level of confidence about internal threats?
We are in an industry that employs highly educated professionals
Working on or developing cutting edge technologies and
In an environment that has an impact globally
Have a huge responsibility to lead from the front in many aspects
Technology is adopted first
Formal risk mitigation & policies come next, if it happens
Implementation of controls occurs over a period of time
Probably without policies and risk assessment
Compliance takes even longer
With freedom, comes responsibility
The more the responsibility, the higher the freedom
Has the potential to bring down security, audit & compliance overhead
Works as a morale booster, Instills confidence in customers