Malicious Insiders


Published on

Malicious Insiders examines the role that insider play in sabotage, industrial espionage and fraud. We also examine how taking proactive steps reduces these risks.

  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Malicious Insiders

  1. 1. Malicious Insiders
  2. 2. SSC <ul><li>Company Overview </li></ul><ul><li>Founded in 1975 HQ in Shelton, CT – privately held </li></ul><ul><li>District Offices in Hartford, CT; Elmsford, NY; Parsippany, NJ </li></ul><ul><li>Strong Northeast Regional Provider </li></ul><ul><li>Servicing Over 300 Clients </li></ul><ul><li>Business Units </li></ul><ul><ul><li>Uniformed Security Services </li></ul></ul><ul><ul><li>Investigative and Consulting Services </li></ul></ul>
  3. 3. SSC Financial Institutions Law Firms Insurance Industry Law Enforcement Government Corporate Educational Real Estate Companies Industries We Serve
  4. 4. SSC Security Risk Consulting Investigations Uniformed Security
  5. 5. Agenda <ul><li>Definitions </li></ul><ul><li>Case Studies of Malicious Insiders </li></ul><ul><ul><li>Carrie E. Pifer </li></ul></ul><ul><ul><li>Terry Childs </li></ul></ul><ul><ul><li>Dongfan “Greg” Chung </li></ul></ul><ul><li>Insider Motivations </li></ul><ul><li>The Cost of insiders </li></ul><ul><li>Steps to reduce the threat of insiders </li></ul><ul><li>Wrap Up and Questions </li></ul>
  6. 6. Insiders <ul><li>TRUST </li></ul>
  7. 7. Definitions <ul><li>Insider : An individual who has been given a position of trust within an organization </li></ul><ul><ul><ul><li>Employees </li></ul></ul></ul><ul><ul><ul><li>Contractors </li></ul></ul></ul><ul><ul><ul><li>Vendors </li></ul></ul></ul><ul><ul><ul><li>Customers </li></ul></ul></ul>
  8. 8. Definitions: What insiders can do <ul><li>Espionage: The act of using a position of trust or an individual within an organization to the benefit of a third party </li></ul><ul><li>Sabotage: Disrupting the normal course of operations of an organization by damaging or otherwise adversely affecting a process, equipment, or other property </li></ul><ul><li>Embezzlement: Theft of money or appropriating company resources for personal use </li></ul><ul><li>Vandalism: Willful destruction of company property </li></ul><ul><li>Violence: Can be threats of violence or physical violence </li></ul>
  9. 9. Carrie E. Pifer <ul><li>Employee at John’s Appliance City </li></ul><ul><li>Was responsible for making the night deposits </li></ul><ul><li>Embezzled more than $500,000 from the company since 2008 </li></ul><ul><li>The fraud was uncovered by a third party accounting firm during a routine audit </li></ul><ul><li>John Hinton described himself as an “absentee owner” </li></ul>
  10. 10. Terry Childs Case Study <ul><li>Terry Childs was a Cisco Certified Internetworking Engineer for the San Francisco Department of Technology and Information Services </li></ul><ul><li>Designed the city’s FiberWAN network, a complex city-wide project </li></ul><ul><li>Had a conflict with superior and held network passwords </li></ul><ul><li>Mayor Newsome intervened to get network passwords back </li></ul>
  11. 11. Dongfan “Greg” Chung <ul><li>Contractor at Boeing </li></ul><ul><li>Naturalized US Citizen </li></ul><ul><li>Stole secrets related to the Space Shuttle and other aerospace technology </li></ul><ul><li>Turned over secrets to People’s Republic of China </li></ul><ul><li>Convicted of Espionage and sentenced to fifteen years in prison </li></ul>
  12. 12. Insiders: What we see What We See What we do not see
  13. 13. Insiders: Motivation <ul><li>There are a set of categories that describe the general motivations of insiders that commit either espionage or sabotage. These categories fit into the acronym: </li></ul><ul><li>MICER </li></ul>
  14. 14. Insiders: Motivations <ul><li>M - Money </li></ul><ul><li>I - Ideology </li></ul><ul><li>C - Coercion </li></ul><ul><li>E - Ego </li></ul><ul><li>R - Revenge </li></ul>
  15. 15. Insiders: Motivations External Pressures Internal Psychology Malicious Act
  16. 16. External Pressures <ul><li>Substance Abuse </li></ul><ul><li>Infidelity </li></ul><ul><li>Gambling </li></ul><ul><li>Deviant Lifestyle choice </li></ul><ul><li>Family Crisis </li></ul><ul><li>Employer Sanctions </li></ul>
  17. 17. Internal Psychology <ul><li>Serious Mental Disorders </li></ul><ul><li>Personality Disorders </li></ul><ul><li>Poor Social Skills </li></ul><ul><li>Decision Making Biases </li></ul><ul><li>Low Self-Esteem </li></ul><ul><li>Anger Management Issues </li></ul>
  18. 18. Costs of Insider Threats <ul><li>Malicious Insider Conduct Costs Businesses </li></ul><ul><ul><li>Billions in revenue from fraud </li></ul></ul><ul><ul><li>Brand name loss through sabotage </li></ul></ul><ul><ul><li>Intellectual Property loss through espionage </li></ul></ul><ul><ul><li>Employees’ health due to workplace violence </li></ul></ul><ul><li>Stolen Office Equipment: $656,982,032 </li></ul><ul><li>Average small business fraud $200,000 </li></ul><ul><li>These losses come off the bottom line and impact businesses at every size </li></ul><ul><li>Can any business afford a 5% reduction in revenue? </li></ul>
  19. 19. Mitigating the Insider Threat <ul><li>There are proactive steps that can reduce the risk of an insider committing a malicious act: </li></ul><ul><ul><li>Hiring Practices: Pre-Employment Screening </li></ul></ul><ul><ul><li>Policies and Procedures </li></ul></ul><ul><ul><li>Separation of Duties </li></ul></ul><ul><ul><li>Legal, Risk Management and HR Coordination </li></ul></ul><ul><ul><li>Pre-Incident Indicators </li></ul></ul><ul><ul><li>Internal Complaint Procedures </li></ul></ul><ul><ul><li>Termination Procedures </li></ul></ul>
  20. 20. Hiring Practices: Pre-employment Screening (PES) <ul><li>Mitigates the Insider Threat </li></ul><ul><li>Avoid money and time by hiring and training the right individuals </li></ul><ul><li>Promotes safe and profitable workplace </li></ul><ul><li>Protects an employer from </li></ul><ul><ul><ul><ul><ul><li>Negligent hiring exposure </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Wrongful termination </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Embarrassment </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Incidences of sexual harassment </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Financial loss/theft embezzlement </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Workplace disruption </li></ul></ul></ul></ul></ul><ul><ul><ul><ul><ul><li>Injury claims </li></ul></ul></ul></ul></ul>Having a program, deters applicants with something to hide Benefits
  21. 21. PES: Who should be checked? <ul><li>Especially anyone </li></ul><ul><li>working with: </li></ul><ul><li>Children </li></ul><ul><li>Elderly </li></ul><ul><li>Disabled </li></ul><ul><li>Also: </li></ul><ul><li>Volunteers </li></ul><ul><li>Seasonable Workers </li></ul><ul><li>Nanny </li></ul><ul><li>Tenants </li></ul><ul><li>Vendor/Contractors </li></ul>EVERYONE! Anyone hired, transferred or promoted
  22. 22. PES: Vendors and Contractors <ul><li>Often overlooked as a threat </li></ul><ul><li>Have keys, access to data, working in your space </li></ul><ul><li>Should be subject to your background check requirements – and make them pay for it! </li></ul><ul><li>Credential the company – verify they have the proper licenses </li></ul>
  23. 23. PES: Risk for the employer when taking on screening yourself <ul><li>Quick changing laws </li></ul><ul><ul><li>Difficult to interpret </li></ul></ul><ul><ul><li>Materials get outdated </li></ul></ul><ul><li>Need expertise </li></ul><ul><ul><li>Identification of resources </li></ul></ul><ul><ul><li>Access to resources </li></ul></ul><ul><ul><li>Understanding results </li></ul></ul><ul><ul><li>Knowing what searches to request </li></ul></ul><ul><li>Time consuming for overburdened staff, cut corners and become inconsistent - therefore INCREASING liability! </li></ul>
  24. 24. PES: Background Searches Available <ul><li>Patriot Act / Terrorist (OFAC) </li></ul><ul><li>Criminal Records Check </li></ul><ul><li>Civil Records Check </li></ul><ul><li>Social Security Validation </li></ul><ul><li>Credit History </li></ul><ul><li>Federal Criminal Check </li></ul><ul><li>Federal Civil Check </li></ul><ul><li>Federal Bankruptcy </li></ul><ul><li>Education Verification </li></ul><ul><li>Employment History </li></ul><ul><li>Reference Check </li></ul><ul><li>Sex Offender Check </li></ul><ul><li>Professional Credential Check </li></ul>
  25. 25. PES: Background Searches Available <ul><li>Drug Screening (DOT & Non-DOT) </li></ul><ul><li>Workers Compensation </li></ul><ul><li>Motor Vehicle Records Check </li></ul><ul><li>International Verifications </li></ul><ul><li>National Criminal/Sex Offender </li></ul><ul><li>Healthcare Integrity and Protection Data Bank </li></ul><ul><li>National Practitioners Data Bank </li></ul><ul><li>Eviction Reports </li></ul><ul><li>Consumer Credit </li></ul><ul><li>FDA Debarment </li></ul><ul><li>Military Records </li></ul><ul><li>Nationwide Healthcare Fraud and Abuse Scan </li></ul>
  26. 26. PES: Build an Applicant’s Profile <ul><li>Resumes don’t tell the truth. Discover who they really through background screening </li></ul><ul><li>It’s often misinterpreted that a criminal check is all you need </li></ul><ul><li>You should be looking into multiple areas: education, past employment, past addresses,social security validation and industry specific verifications </li></ul>
  27. 27. PES: Choosing the Right Searches <ul><li>You should consider: </li></ul><ul><li>Industry (manufacturing vs. financial) </li></ul><ul><li>Type of job (physical vs. sedentary) </li></ul><ul><li>Level of job (janitor vs. president) </li></ul><ul><li>Daily responsibilities (driving, access to data) </li></ul>
  28. 28. PES: Instant Records <ul><li>BAD </li></ul><ul><li>High liability </li></ul><ul><li>Does not include all jurisdictions claimed (“nationwide”) </li></ul><ul><li>Contain errors, incomplete or wrong data </li></ul><ul><li>Should not be used as standalone search </li></ul><ul><li>GOOD </li></ul><ul><li>Broader geographic scope </li></ul><ul><li>Inexpensive </li></ul><ul><li>Added layer of due diligence </li></ul>B E W A R E !
  29. 29. PES: Selecting a Screening Partner <ul><li>Computer and Internet Security </li></ul><ul><li>Confidentiality Procedures </li></ul><ul><li>Quality of Data Source </li></ul><ul><li>History of Expertise </li></ul><ul><li>Familiarly With Your Industry </li></ul><ul><li>Complete Service Offering </li></ul><ul><li>Legal Compliance Assistance </li></ul><ul><li>Comprehensive Report and Results </li></ul><ul><li>Customer Service and Personal Attention </li></ul><ul><li>Training </li></ul><ul><li>Performance Guarantee </li></ul><ul><li>Technology </li></ul>What you need to look for:
  30. 30. Policies and Procedures <ul><li>Cover the proper use of company resources </li></ul><ul><li>If you are not enforcing policies, they do not exist </li></ul><ul><li>Specific Policies that reduce internal threats: </li></ul><ul><ul><li>Vacation Policies </li></ul></ul><ul><ul><li>Acceptable Use </li></ul></ul><ul><ul><li>Data Handling Policies </li></ul></ul><ul><ul><li>Network Monitoring </li></ul></ul><ul><li>Enforce policy violations in accordance with company guidelines </li></ul><ul><li>Companies that have been victims of malicious insiders have often ignored of failed to detect policy violations </li></ul>
  31. 31. Separation of Duties <ul><li>Having more than one employee needed to conduct a certain transaction or process </li></ul><ul><li>In order for malicious activity to take place, both of the insiders need to be in collusion </li></ul><ul><li>Examine specific areas of concern: money handling, accounting functions, system administration, or other critical functions </li></ul>
  32. 32. Legal, Management, Security and HR Coordination <ul><li>The legal department has the best information regarding how to deal with insiders from a legal standpoint </li></ul><ul><li>HR has the expertise and knowledge about employees and the internal organization </li></ul><ul><li>Security Officers have the best information concerning new threats and vulnerabilities </li></ul><ul><li>Managers have the day to day interaction with employees to identify potential malicious insiders </li></ul><ul><li>Need to coordinate activities through information sharing and training </li></ul>
  33. 33. Pre-Incident Indicators <ul><li>There is a misconception that insiders “just snap” </li></ul><ul><li>Often times incidents of malicious activity occur during restructuring, downsizing or the hiring of new employees </li></ul><ul><li>Nearly all insiders gave off pre-incident indicators that served as “red flags” </li></ul><ul><li>Conflicts with co-workers that go beyond mere disagreements </li></ul><ul><li>Violations of policies and procedures can often be attempts at malicious activity </li></ul>
  34. 34. Internal Complaint Procedures <ul><li>Train your employees to report suspicious activity </li></ul><ul><li>Have a mechanism in place to handle complaints made anonymously </li></ul><ul><li>A cost effective way to handle internal complaints is the use of a 1-800 service </li></ul><ul><li>Complaints are taken by the service and then triaged by your staff or a third party investigative service </li></ul><ul><li>The mere perception of detection and investigations can go a long way to reducing losses </li></ul>
  35. 35. Termination Procedures <ul><li>Malicious actions often occur during termination </li></ul><ul><li>Have Termination Procedures that address: </li></ul><ul><ul><li>Access to network resources </li></ul></ul><ul><ul><li>Access to company owned smart phones </li></ul></ul><ul><ul><li>Ensure that data owned by the company cannot be access or was not accessed by terminate employee </li></ul></ul><ul><ul><li>Company owned phone and laptop is examined by a forensics specialist </li></ul></ul><ul><li>If there is a potential for malicious acts, you can terminate and allow them limited access before escorting them from the premisis </li></ul>
  36. 36. Wrap Up <ul><li>Insiders due to their position of trust are in a unique position to hurt a business </li></ul><ul><li>While trust is important in the employee / employer relationship, make sure that the employee is worthy of trust </li></ul><ul><li>Being proactive can significantly reduce the damage from insiders </li></ul><ul><li>Engaging a trusted Pre-employment Screening provider is a good way to ensure those that you give that trust are worthy of it </li></ul><ul><li>Build robust policies and train your managers, HR and security personnel in what to look for in a malicious insider </li></ul>
  37. 37. Questions
  38. 38. Contact Us <ul><li>Gerard Johansen, CISSP </li></ul><ul><ul><li>[email_address] </li></ul></ul><ul><ul><li> </li></ul></ul><ul><ul><li>203-925-6185 </li></ul></ul><ul><li>Maribeth Martino </li></ul><ul><ul><li>[email_address] </li></ul></ul><ul><ul><li>203-925-6192 </li></ul></ul>