Customer Reviews

Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft

5 star:		(6)
4 star:		(3)
3 star:		(1)
2 star:		(1)
1 star:		(0)

 

 

Just two words: this is an anecdotical book about insider originated attacks, not a technical book discussing prevention and detection techniques and tools. I was mislead by the title when bought the book. Try instead the book EXTRUSION DETECTION if interested in prevent, detect, and fight insider traitors/attackers in enterprises, data centers, intranets or extranets.

Thousands of computer security books have been published that deal with every conceivable security issue and technology. But Insider Threat is one of the first to deal with one of the most significant threats to an organizations, namely that of the trusted insider. The problem is that within information technology, many users have far too much access and trust than they should truly have.

The retail and gambling sectors have long understood the danger of the insider threat and have built their security frameworks to protect against both the insider and the outsider. Shoplifters are a huge bane to the retail industry, exceeded only by thefts from internal employees behind the registers. The cameras and guards in casinos are looking at both those in front of and behind the gambling tables. Casinos understand quite well that when an employee is spending 40 hours a week at their location dealing with hundreds of thousands of dollars; over time, they will learn where the vulnerabilities and weaknesses are. For a minority of these insiders, they will commit fraud, which is invariably much worse than any activity an outsider could alone carry out.

Insider Threat is mainly a book of real-life events that detail how the insider threat is a problem that affects every organization in every industry. In story after story, the book details how trusted employees will find weaknesses in systems in order to carry out financial or political attacks against their employers. It is the responsibility to the organization to ensure that their infrastructure is designed to detect these insiders and their systems resilient enough to defend against them. This is clearly not a trivial task.

The authors note that the crux of the problem is that many organizations tend to think that once they hire an employee or contractor, that the person is now part of a trusted group of dedicated and loyal employees. Given that many organizations don't perform background checks on their prospective employees, they are placing a significant level of trust in people they barely know. While the vast majority of employees can be trusted and are honest, the danger of the insider threat is that it is the proverbial bad apple that can take down the entire tree. The book details numerous stories of how a single bad employee has caused a company to go out of business.

Part of the problem with the insider threat is that since companies are oblivious to it, they do not have a framework in place to determine when it is happening, and to deal with it when it occurs. With that, when the insider attack does occur, which it invariably will, companies have to scramble to recover. Many times, they are simply unable to recover, as the book details in the cases of Omega Engineering and Barings Bank.

The premise of Insider Threat is that companies that don't have a proactive plan to deal with insider threats will ultimately be a victim of insider threats. The 10 chapters in the book expand on this and provide analysis to each scenario described.

Chapter 1 defines what exactly insider threats are and provides a number of ways to prevent insider threats. The authors note that there is no silver bullet solution or single thing that can be done to prevent and insider threat. The only way to do this is via a comprehensive program that must be developed within the framework of the information security group. Fortunately, all of these things are part of a basic information security program including fundamental topics like security awareness, separation and rotation of duties, least privilege to systems, logging and auditing, and more.

The irony of all of the solutions suggested in chapter one is that not a single one of them is rocket science. All of them are security 101 and don't require any sort of expensive software or hardware. Part of this bitter irony is that companies are oblivious to these insider threats and will spend huge amounts of money to protect against the proverbial evil hacker, being oblivious to the nefarious accounts receivable clerk in the back office that is draining the coffers.

One example the book provides is that many companies feel they are safe because they encrypt data. An excellent idea detailed in chapter two is to set up a sniffer and examine the traffic on the internal network to ensure that the data is indeed encrypted. The reliance on encryption will not work if it is not setup or configured correctly. The only way to know with certainty is to test it and see how it is transmitted over the wire. Many companies will be surprised that data that should be unreadable is being transmitted in the clear.

Some of the suggestions that authors propose will likely ruffle some feathers. Ideas such as restricting Internet, email, IM and web access to a limited number of users may sound absurd to some. But unless there is a compelling business need for a user to have these technologies, they should be prohibited. Not only will the insider threat threshold be lowered, productivity will likely increase also.

The author's also suggest prohibiting iPods or similar devices in a corporate environment. The same device that can store gigabytes of music can also be used to illicitly transfer gigabytes of corporate data.

Insider Threat provides verifiable stories from every industry and sector, be it commercial or government. The challenge of dealing with the insider threat is that it requires most organizations to completely rethink the way they relate to security. It is a challenge that many organizations would prefer to remain obvious to, given the uncomfortable nature of the insider threat. But given that the threats are only getting worse, ignoring them is inviting peril.

The only lacking of the book is that even though it provides a number of countermeasures and suggestions, they are someone scattered and written in an unstructured way. It is hoped that the authors will write a follow-up book that details a thorough methodology and framework for dealing with the insider threat.

Overall, Insider Threat is an important work that should be required reading for every information security professional and technology manager. The issue of the insider threat is real and only getter worse. Those that choose to ignore it are only inviting disaster. Those companies that will put office supplies and coffee under double-lock and key, while doing nothing to contain the insider threat are simply misguided and putting their organization at risk.

Insider Threat is a wake-up call that should revive anyone who doubts the insider threat.

Those who want to understand the nature of internal attackers should read Insider Threat. The book combines general recommendations to detect and thwart internal attackers with case studies discussing fraud, espionage, and other unfortunate events. Insider Threat could benefit from a tighter focus and better presentation of material, but the core message is still noteworthy.

Insider Threat is unlike other threat-centric books published by Syngress. Inside the Spam Cartel, for example, is written by an anonymous spammer. Software Piracy Exposed is written by a reporter who gained the trust of the pirate underground. Insider Threat is written by security consultants who have to deal with the consequences of internal attacks. The real-world component appears in chapters 3-7, where case studies are presented. Some of these case studies feature comments from the perpetrators, but none are interviews with the perpetrators. I would have liked to have seen some first-hand reporting on these individuals, as appeared in Software Piracy Exposed.

Outside of the case studies, the advice in Insider Threat is sound. I was very glad to see the authors' insistence on monitoring and the recognition that prevention eventually fails. I would have liked to have seen a fictional case study showing how an internal attack was detected, tracked, and then thwarted using the authors' recommendations.

With respect to the authors' commentary and suggestions, that material seemed internally repetitive and spread thinly throughout the book. The book could really be reduced to 7 chapters, plus my recommended new case study: (1) intro to inside threat; (2-6) current chapters 3-7; (7) fictional case study; (8) recommendations to counter inside threat.

Incidentally, I agree with Thomas Duff's earlier comments. Combining better internal presentation with reorganization of material would make for a strong second edition of Insider Threat.

Often the worst threats to your systems are from those you consider "trusted". Dr. Eric Cole and Sandra Ring discuss that subject in the book Insider Threat - Protecting the Enterprise from Sabotage, Spying, and Theft.

Contents:
Part 1 - Insider Threat Basics: What Is There to Worry About?; Behind the Crime
Part 2 - Government: State and Local Government Insiders; Federal Government
Part 3 - Corporations: Commercial; Banking and Financial Sector; Government Subcontractors
Part 4 - Analysis: Profiles of the Insider Threat; Response - Technologies That Can Be Used to Control the Insider Threat; Survivability
Index

Through the use of a very large number of stories and examples, Cole and Ring explore the (unfortunately) large number of ways in which your company or organization can be compromised by "insiders", people who you would consider to be trusted. It's one thing to make sure the grounds are secured and the computer systems are protected from outsiders. But what happens when the top sales guy decides to move to the competition and takes his client list with him? What about the cleaning crew who has full run of the office when nobody is there to watch them? And my favorite... the disgruntled computer guru who decides to teach the company a lesson on his way out the door. These threats are very real, and perhaps even more damaging than the threats you normally think about from the outside.

While I generally like the content and material they present here, I think the book suffers from poor editing and layout. There are few illustrations or diagrams to break up lengthy sections of text, and the amount of white space seems to be pretty low. I'm also not fond of how the bulleted points are handled. You'll be reading along and come to a point with four bulleted items. Each item is then given a paragraph header and a few pages. By the time you make it through those bullet points, you've lost the flow of what led up to them. I also felt like I had to read quite a ways through the book before I started to learn how to set up a system to guard against insider threats. There are plenty of examples of threats along with quick points about how to mitigate them, but there didn't seem to be much in the way of a comprehensive "bringing together" of the information into some sort of a framework. By the time I got to what resembled that at the end, I was a bit worn out...

The subject matter is good, and the points made in the book need to be considered and followed. Your company can easily be wiped out if you aren't careful. I just which the book had been laid out better for the reader...

Frankly, this book does a great job addressesing major problem. Companies must be aware of and manage risk to economic, sensitive and classified information espionage. I have to say that Sandra Ring and Dr. Cole have it right on. Security Manager focus should be on the insider threat.

I have had the opportunity to hear one of the authors speak at a recent security event. The speaker correctly addressed that the largest security threat to any company is from the insider-the one with all the access.

A cyber or network catastrophe is one disgruntled employee away. The speaker gave example after example of former employees who felt both an ownership of the product and a significant employer betrayer. This and their access to sensitive information have allowed and opportunity to steal customer information, sabotage networks or software, or sell data to competing companies.

They recommend rightly that Security managers should focus efforts on protecting proprietary and identity revealing information. This protection should include protecting trade secrets, establishing good termination procedures, learning to recognized disgruntled employees, use password protection and realizing that with networks and internet, an outside threat could easily become an inside threat.

I look forward to learning more from this book and applying it to my business.

Author of:

Insider's Guide to Security Clearances

ISP Certification-The Industrial Security Professional Exam Manual or How to Prepare for and Pass the Industrial Security Professional Certification Exam

Books on insider threats are hard to find, and this one does a good job detailing the issue. The first chapter was full of great content.

Dr. Eric Cole and Sandra Ring's Insider Threat: Protecting The Enterprise From Sabotage, Spying, And Theft explains how insider attacks often occur within organizations themselves, showing risk facts, methods, and how to recognize the first signs of an insider conspiracy routine. Learn how technology can thwart such attacks, define an acceptable level of loss in the process, and learn how to screen new hires and protect intellectual property assets with a guide which focuses on corporate data theft and its prevention.

I bought this book to learn about the latest structured thinking - on the risks in our system, and what can be done about them. Even if the risk mitigation was perhaps not an effective return for all situations.

This book is well organized, and brings out the challenges we face - with a real face. It covers technology, process, and people risks, and provides risk mitigation strategies as suggestions, which works well.

Well worth the time and money.

This book is an easy read and served me well in my research paper on the cyber threat of the authorized insider. Eric Cole is a credentialed and excellent source on this topic. While I had textbooks that also discussed this, they did not go into the detail that this book did. A great source for those pursuing degrees in Information Assurance.

Do you know how to prevent employees and contractors from stealing your corporate data? If you don't, then this book is for you. Authors Eric Cole and Sandra Ring, have done an outstanding job of writing a book that shows you how to protect your enterprise from sabotage, spying and theft.

Cole and Sandra Ring, begin with an introduction on how bad the insider threat problem really is and why you should be concerned about it. Then, the authors cover a wide range of technologies and methods that can be used by an insider to cause harm to a company. Next, they discuss unique insider threats to state and local government institutions. The authors continue by drawing your attention to the fact that insiders within the federal government do not just commit espionage. They also discuss various threats to information, such as sabotage and theft, the impact of these actions to the reputation and financial health of organizations, and describe several real-life case studies involving well-known commercial companies. Next, the authors highlight the threat of identity theft and what institutions can do to help prevent insiders from participating in fraud rings. The authors also focus on insider threats from government contractors. Then, they do a profile of insider threats. The authors continue by showing you how to respond to problem of insider threat by looking at technologies and concepts that can be used to control and limit the damage that insiders can perform. Finally, they examine how a company goes about surviving an insider threat and increasing their defenses over time to minimize the amount of damage it will cause.

This most excellent book will show you why internal threats are exponentially more dangerous that external threats. More importantly, this book will show you how to protect your most important intellectual property assets.