INSIDER THREAT INCIDENTS
RESEARCH & REPORTS
The NITSIG in
conjunction with the
Insider Threat Defense Group have researched and analyzed over
5,400+ Insider Threat incidents over 13+ years.
These EYE OPENING
monthly reports show just how serious the Insider Threat problem is, and
the very costly and damaging impacts to organizations of all types and
sizes.
The SEVERE
IMPACTS Can Be Caused By:
Managing Employee
Threats In An Organization Is More Than Just Dealing With:
-
Employee
Dissatisfaction
-
Employee To Employee
Relationship Problems
-
Employee To
Supervisor Relationship Problems
-
Negative Performance
Reviews
-
Diversity Problems
-
Suspicious Technical
Behaviors
-
Preventing Sexual
Harassment, Workplace Violence
There are many other
types of Malicious Actions caused by employees', who may be very
disgruntled, that can be very damaging and have very serious impacts to
an organization.
Examples:
-
Financial Loss
(Trade Secrets / Data Theft, $$$ Embezzlement)
-
Operational Impact
For The Organization To Execute Its Mission (IT / Network Sabotage, Data
Destruction, Sabotage To Facility, Etc.)
-
Legal, Compliance &
Liability Impacts
-
Stock Price
Reduction
-
Employees Lose Jobs
/ Company Goes Out Of Business
-
And More........
CISA
Insider Threat Types Chart
CERT Insider
Threat Chart
(Threats Vs. Damages)
Employees' Looking To Live Extravagant Lifestyles
NITSIG research also
indicates many employees may not be disgruntled, but have other motives
such as financial gain to live a better lifestyle, etc.
You might be shocked
as to what employees do with the money they steal or embezzle from
organizations and businesses, and how many years they got away with it,
until they were caught. (1 To 20 Years)
What Do Employees' Do With The Money They Embezzle / Steal From Federal
/ State Government Agencies & Businesses Or With The Money They Receive
From Bribes / Kickbacks?
They Have Purchased:
Vehicles, Collectible Cars, Motorcycles, Jets, Boats, Yachts,
Jewelry, Buy Properties & Businesses
They Have Used Company Funds / Credit Cards To Pay For:
Rent / Leasing Apartments, Furniture, Monthly Vehicle Payments,
Credit Card Bills / Lines Of Credit, Child Support, Student Loans, Fine
Dining, Wedding, Anniversary Parties, Cosmetic Surgery, Designer
Clothing, Tuition, Travel, Renovate Homes, Auto Repairs, Fund Shopping /
Gambling Addictions, Fund Their Side Business / Family Business, Buying
Stocks, Firearms, Ammunition & Camping Equipment, Pet Grooming, And
More.......
They Have Issued Company Checks To:
Themselves, Family Members, Friends, Boyfriends / Girlfriends
These reports will
give the reader a comprehensive view of the "Actual Malicious Actions"
employees are taking against their employers.
Many CEO's, Boards,
and C-Suite's have taken a much more aggressive approach for detecting
and mitigating Insider Threats after reading these reports, as they
provide the justification, return on investment, and support the funding
approvals ($$$) needed for developing, implementing, managing or
optimizing an Insider Threat Program.
Even if an
organization is not required to implement an Insider Threat Program,
these reports provide valuable insights as to why organizations should
be more concerned with employee threat identification and mitigation.
INSIDER
THREAT INCIDENTS REPORTS
Produced Monthly
By:
National Insider
Threat Special Interest Group
Insider Threat
Defense Group
The incidents listed in these reports on the links below, provide EYE
OPENING EXAMPLES of the many different types of Insider Threats and
the SEVERE IMPACTS.
These incidents are caused by JUST 1 EMPLOYEE or by MULTIPLE
EMPLOYEES', or by EMPLOYEES' WORKING WITH EXTERNAL CO-CONSPIRATORS.
If you would like to be notified when the NITSIG releases the monthly
Insider Threat Incidents Reports, and other related information, please
send an e-mail to:
jimhenderson@nationalinsiderthreatsig.org
Download Reports / No Registration Required
Insider
Threat Incidents Report For July 2021
Insider
Threat Incidents Report For August 2021
Insider Threat Incidents Report For September 2021
Insider Threat Incidents Report For October 2021
Insider Threat Incidents Report For November 2021
Insider Threat Incidents Report For December 2021
Insider Threat Incidents Report For January 2022
Insider Threat Incidents Report For February 2022
Insider Threat Incidents Report For March 2022
Insider Threat Incidents Report For April 2022
Insider Threat Incidents Report For May 2022
Insider Threat Incidents Report For June 2022
Insider Threat Incidents Report For July 2022
Insider Threat Incidents Report For August 2022
Insider Threat Incidents Report For September 2022
Insider Threat Incidents Report For October 2022
Insider Threat Incidents Report For November 2022
Insider Threat Incidents Report For December 2022
Insider Threat Incidents Report For January 2023
Insider Threat Incidents Report For February 2023
Insider Threat Incidents Report For March 2023
Insider Threat Incidents Report For April 2023
Insider Threat Incidents Report For May 2023
Insider Threat Incidents Report For June 2023
Insider Threat Incidents Report For July 2023
Insider Threat Incidents Report For
August 2023
Insider Threat Incidents Report For September 2023
Insider Threat Incidents Report For October 2023
Insider Threat Incidents Report For November 2023
Insider Threat Incidents Report For December 2023
Insider Threat Incidents Report For January 2024
Insider Threat Incidents Report For February 2024
Insider Threat Incidents Report For March 2024
Insider Threat Incidents Report For April 2024
Insider Threat Incidents Report For May 2024
Insider Threat Incidents Report For June 2024
Insider Threat Incidents Report For July 2024
Insider Threat Incidents Report For August 2024
Insider Threat Incidents Report For September 2024
NITSIG Insider Threat
Incidents Report (Up To 2017)
Source
DEPARTMENT OF DEFENSE
INSIDER THREAT INCIDENTS REPORT FOR 2024
Produced By:
National Insider
Threat Special Interest Group
Insider Threat
Defense Group
Report Overview
Insider Threat incidents within the Department Of Defense (DoD)
(U.S. Army, Navy, Air Force, Marines) are not just related to espionage,
the unauthorized distribution of classified information to foreign
governments or other individuals, or the prevalence of extremist
ideology and behaviors.
The traditional norm or mindset that DoD employees just steal classified
information or other sensitive information is no longer the case. There
continues to be an increase within the DoD of financial fraud,
contracting fraud, bribery, kickbacks, theft of DoD physical assets,
etc. This is very evident in the research that has been conducted by the
NITSIG and previously published in the monthly Insider Threat Incidents
Reports.
While some employees may display behavioral indicators of concerns, some
may not. Other employees are apparently motivated by human greed, the
need for more money, or the opportunity to live a lifestyle of luxury at
the expense of the DoD. Perpetrators have used DoD money for: Investment
Ventures, To Pay Debts, Jewelry, Clothing, Vehicles, Real Estate,
Vacations and more
DoD organizations have invested millions of dollars in securing their
data, computers and networks against Insider Threats, from primarily a
technical perspective, using Network Security Tools or Insider Threat
Detection Tools. But the Insider Threat problem is not just a technical
problem.
The intent of this report is to provide a more holistic view of various
types of Insider Threat incidents within the DoD.
This report should be used as an awareness and educational tool to gain
additional support and funding from senior leaders for an Insider Threat
Program (ITP).
This report also serves as an excellent Insider Threat Awareness Tool,
to educate key stakeholders supporting an ITP, and to educate DoD
employees on the importance of reporting employees’ who may pose a risk
or threat to the organization.
Download Report / No Registration Required
INSIDER THREAT INCIDENTS SPOTLIGHT REPORT FOR 2023
Produced By:
National Insider
Threat Special Interest Group
Insider Threat
Defense Group
This comprehensive EYE OPENING report provides a 360 DEGREE
VIEW of the many different types of malicious actions employees'
have taken against their employers.
This is the only report produced that provides clear and indisputable
evidence of how very costly and damaging Insider Threat incidents can be
to organizations of all types and sizes. (U.S. Government, Private
Sector)
The many examples listed in this report clearly substantiate the need to
enhance security controls (Non-Technical, Technical) to detect and
mitigate Insider Risks / Threats, or the importance of implementing an
Insider Risk Management Program for an organization.
Taking a PROACTIVE rather than REACTIVE approach is
critical to protecting your organization from employee risks / threats.
Download Report
/ No Registration Required
OTHER
SOURCES FOR INSIDER THREAT INCIDENTS & NEWS
Produced
By: NITSIG / Insider Threat
Defense Group (ITDG)
Insider Threat Incidents E-Magazine On Flipboard (Updated Daily)
Largest Publicly Available
Source Of Insider Threat Incidents (5,400+)
View On The Link Below, Or Download The Flipboard App To View On Your
Mobile Device
Source
NITSIG Workplace Violence Incidents E-Magazine
View On The Link Below, Or Download The Flipboard App To View On Your
Mobile Device
Source
NITSIG Group On LinkedIn (Request Access)
The NITSIG has
created a LinkedIn Group for individuals that interested in sharing and
gaining in-depth knowledge regarding Insider Threat Mitigation and
Insider Threat Program Management, and to also share the latest news,
upcoming events and information.
Join Group
NITSIG - ITDG Insider
Threat Incidents / News On Twitter
(Updated Daily)
(Follow Us On Twitter:
@InsiderThreatDG)
Source
Insider Threat Defense Group Website
(Examples Of
Many Different Types Of Insider Threat Incidents)
Source
Defense Counterintelligence & Security Agency Insider Threat Case Studies
Source
Older
Insider Threat Reports / Surveys For Reference
(1999 To 2018)
Some Reports / Surveys Below Contain No Source Links, Because
Content Has Been Removed From Website
Global Study Reveals
Majority Of Visual Hacking Attempts Are Successful
Organizations around the world are at risk of
sharing highly sensitive information through visual
hacking in business office environments.
This
risk was revealed in the 2016 Global Visual Hacking
Experiment, an expansion of the
2015 Visual Hacking Experiment conducted in the
United States by Ponemon Institute and sponsored by
3M Company.
The
global study included trials in China, France,
Germany, India, Japan, South Korea and the United
Kingdom. The
combined results found that sensitive information
was successfully captured in 91% of visual hacking
attempts globally. (Experiment
Results)
The
experiments involved 157 trials with 46
participating companies across the eight countries.
They exposed low-tech hacking methods as a
significant risk to corporations around the world.
The findings revealed that organizations need to
create awareness among employees on protecting data
displayed on device screens, as 52% of the sensitive
information captured during the experiments came
from employee computer screens.
In
the experiments, a "White Hat Visual Hacker" (WHVH)
assumed the role of temporary office worker and was
assigned a valid security badge worn in visible
sight. The WHVH attempted to visually hack sensitive
or confidential information using three methods:
Walking through the office scouting for information
in full view on desks.
Observing computer monitor screens and other
indiscrete locations like printers and copy
machines.
Taking a stack of business documents labeled as
confidential off a desk and placing it into a
briefcase
Using a smartphone to take a picture of confidential
information displayed on a computer screen.
All
of the methods above were completed in front of
other office workers at each participating company.
In 68 % of the
hacking attempts, office personnel did not question
or report the visual hacker even after witnessing
unusual or suspicious behavior.
DoD PERSEREC Report - A Strategic Plan To Leverage The Social &
Behavioral Sciences To Counter the Insider Threat
-
2018
In 2016, the Office
of the Under Secretary of Defense for Intelligence partnered with the
Defense Personnel and Security Research Center (PERSEREC) to design a
comprehensive research plan and strategy to integrate the social and
behavioral sciences (SBS) into the DoD counter-insider threat mission
space.
PERSEREC completed 59 interviews with 66 SMEs who represented 45
organizations: 10 private sector companies, nine Defense Agencies, nine
non-DoD federal agencies, seven federally funded research and
development centers (FFRDC) and university affiliated research centers (UARC),
four military Services, four DoD Field Activities, one Defense Joint
Activity, and one Combatant Command. (Source)
Aviation Insider Threat
Team
Report
-
2018
Ponemon Institute Study - The True Cost of Insider Threats Revealed
- 2018
This global study reports
on what companies have spent to deal with a data breach caused by a
careless or negligent employee or contractor, criminal or malicious
insider or a credential thief. While the negligent insider is the root
cause of most breaches, the bad actor who steals employees’ credentials
is responsible for the most costly incidents.
The first study on the cost of insider threats was conducted in 2016 and
focused exclusively on companies in the United States. In this year’s
benchmark study, 717 IT and IT security practitioners in 159
organizations in North America (United States and Canada), Europe,
Middle East and Africa, and Asia-Pacific were interviewed.
According to the research, if the incident involved a negligent employee
or contractor, companies spent an average of $283,281. The average cost
more than doubles if the incident involved an imposter or thief who
steals credentials ($648,845). Hackers cost the organizations
represented in this research an average of $607,745 per incident.
Ponemon Institute concludes that companies need to intensify their
efforts to minimize the insider risk because of rising costs and
frequency of incidents. Since 2016 the average number of incidents
involving employee or contractor negligence has increased from 10.5 to
13.4. The average number of credential theft incidents has tripled over
the past two years, from 1.0 to 2.9. In addition, these incidents are
not resolved quickly. Our analysis revealed that it took the companies
in our study more than two months on average to contain an insider
incident. Only 16 percent of incidents were contained in less than 30
days.
Insider
Threat Survey
-
2018
This research is
based on the results of a comprehensive online survey of 472
cybersecurity professionals to gain deep insight into the insider threat
faced by organizations and the solutions to detect, remediate, and
prevent it. The respondents range from technical executives to managers
and IT security practitioners, representing organizations of varying
sizes across all industries.
Highlights
90% of organizations feel vulnerable to insider attacks. The main
enabling risk factors include too many users with excessive access
privileges (37%), an increasing number of devices with access to
sensitive data (36%), and the increasing complexity of information
technology (35%).
A 53% majority have confirmed insider attacks against their organization
in the previous 12 months (typically less than five attacks). 27% of
organizations say insider attacks have become more frequent.
Organizations are shifting their focus on detection of insider threats
(64%), followed by deterrence methods (58%), and analysis and post
breach forensics (49%). The use of user behavior monitoring is
accelerating; 94% of organizations deploy some method of monitoring
users and 93% monitor access to sensitive data.
The most popular technologies to deter insider threats are Data Loss
Prevention (DLP), encryption, and identity and access management
solutions. To better detect active insider threats, companies deploy
Intrusion Detection Prevention Solutions (IDPS), log management and SIEM
platforms.
The vast majority (86%) of organizations already have or are building an
Insider Threat Program. 36% have a formal program in place to respond to
insider attacks, while 50% are focused on developing their program.
Harvey Nash / KPMG Global
Survey Of 4500 CIOs - Tech Leaders - Insider Threat Fastest Growing
Threat - 2017
External Hackers are not
the only threat your business or organization may be facing. One of your
biggest risks comes from your own employees. This survey finds that the
insider threat problem is the fastest-growing one of all.
Source
Hiscxo
Embezzlement Study - 2017
To find out who’s stealing from small
businesses, Hiscox examined publicly available data on U.S. federal
court activity related to employee fraud. Perhaps surprisingly, it turns
out that women embezzle more frequently than men do (though only by a
small percentage). The median age of this kind of criminal is 48 years
old, and they most likely work in a finance or accounting role.
Another surprising
fact is that instances of embezzlement at companies of all sizes may
last longer than you might think: Statistics showed that more than a
quarter of embezzlement's take place for longer than five years.
While all companies face the risk of embezzlement, those that are
smaller in size report the crime’s occurrence more frequently. Small
businesses cope with unique struggles. For instance, a small company is
more likely to hire one person to handle its money-based operations like
accounting or payroll because it really doesn’t need several people for
this position. However, if this one person decides to embezzle from the
company, it’s much easier for him or her to hide it. To fly under the
security that many companies have in place to prevent financial loss,
many embezzlers engage in long-running schemes.
Employee theft
schemes often go on for five years or more with the longest one reported
spanning 41 years. Embezzlers get away with long-running financial
schemes like these by stealing small amounts, making it tough for
companies to spot them. Small losses add up, however. The average loss
for long-running scams that lasted for five years or longer came to $2.2
million. In schemes that lasted 10 years or more, the average amount
lost to embezzlers was $5.4 million. While financial theft happens more
often in small companies, large businesses suffer higher median losses.
Source
Government Accountability
Office Report: 24 Agencies Still Struggle With IT Security Weaknesses -
2017
Highlights
Two dozen federal agencies
continue to experience security weaknesses in five critical areas, which
puts government systems and data at risk, according to a new watchdog
agency report.
The Government Accountability Office says in its report new
report titled
Weaknesses Continue To Indicate Need for Effective Implementation of
Policies and Practices, that during fiscal 2016, the agencies
continued to experience weaknesses in protecting their information and
information systems due to ineffective implementation of information
security policies and practices.
Most of the agencies that the GAO reviewed had weaknesses in five
control areas, including access controls, configuration management
controls, segregation of duties, contingency planning and agency wide
security management, the report notes.
The problems have been
recurring issues for many of the agencies, the report adds.
Yet evaluations by the GAO and agency inspectors determined that most
agencies
did not have effective
Information Security Programs,
the report notes.
The watchdog agency adds that it did not make any new recommendations to
address the issues because GAO and agency inspector generals "have made
hundreds of recommendations to address these security control
deficiencies, but many have not yet been fully implemented."
Until agencies correct longstanding control deficiencies and address the
previous recommendations, "federal IT systems will remain at increased
and unnecessary risk of attack or compromise. We continue to monitor the
agencies' progress on those recommendations."
NITSIG Note:
A
robust and effective Insider Threat Program, requires that
organizations have an effective Security / Information / Information
Systems Security Program.
-
Weak Governance And Security = Exploitable Weaknesses By Insiders
-
It
Starts At The Top Of An Organization: Lack Of Understanding Insider
Threat Risks At Corporate Level
-
Poor Communication Between Critical Business Departments (HR, IT,
Security) And Supervisors Regarding Employee Trustworthiness / Threat
-
Poor Facility Security Controls (Facility Access, Facilities Bag Checks
(In & Out), No BYOD Policy / Electronic Device Policy)
-
Poor Goverance (Lack Of Security Policies, Procedures. No Sancitions For
Security Policy Violations)
-
Poor Organizational Security Culture (Weak Or Absent Security Briefings
For New Hires, Contractors)
-
Poor Personnel Management Practices (Pre-Employment Screening, Position
Re-Assignment, Employee Continuous Monitoring For Trustworthiness,
Seperation-Termination Procedures, Etc.)
-
Lack Of Identifying-Protecting Crown Jewels / Intellectual Property
-
Lack Of Secure Configurations For Information Systems (Workstations /
Servers)
-
Lack Of Secure Configurations For Software Applications
-
Lack Of IT Configuration Management
-
Lack Of User Activity Monitoring For IT Networks
-
Lack Of Cyber Threat - Insider Threat Awareness Training For Employees
-
Lack Of Insider Threat Risk Mitigation Training For IT-Network Security
Professionals
-
Poor Practices Related To The Acquisition Of Hardware, Software (Are
Security Risks Addressed?)
-
Poor Practices Related The Use Of Outside IT Contracting Services And
Other Contracting Services (When Outsiders Become Insiders)
Measurable Damage
From Data Breaches - Cisco Report
- 2017
Highlights
A business
should pay close attention to a 2017 report that was released from Cicso
concerning damages from data breaches. The report provides insights
based on threat intelligence gathered by Cisco's security experts,
combined with input from nearly 3,000 Chief Security Officers (CSOs) and
other security operations leaders from businesses in 13 countries.
According to the Cisco report, organizations that suffered a breach, the
effect was substantial: 22% of breached organizations lost customers,
40% of them lost more than a fifth of their customer base, 29% lost
revenue, with 38% of that group losing more than a fifth of their
revenue, and 23% of breached organizations lost business opportunities,
with 42% of them losing more than a fifth of such opportunities.
DoD PERSEREC Report - The Expanding Spectrum Of Espionage By Americans
1947 - 2015
Highlights
This
report is the fourth in the series on espionage by Americans that the
Defense Personnel and Security Research Center (PERSEREC) began
publishing in 1992. The current report updates the scope of earlier work
by including recent cases, and it extends the scope by exploring related
types of espionage in addition to the classic type.
There Are 3 Parts Of The Report
Part 1 - Presents findings on characteristics of
Americans who committed espionage-related offenses since 1947. The
findings are based on analyses of data collected from open sources.
Part 2 - Explores the five types of espionage committed by the
209 individuals in this study: classic espionage, leaks, acting as an
agent of a foreign government, violations of export control laws, and
economic espionage. Each type is described by its legal bases; examples
of cases and comparisons with the other types of espionage are provided.
Part 3 - Considers the impact of the context in which espionage
takes place, and discusses two important developments: (1) information
and communications technologies (ICT), and (2) globalization.
Source
Defending Against the Wrong Enemy: SANS Insider
Threat Survey
-
2017
Highlights
Organizations Recognize The Importance Of Insider Threat.
Survey results are very promising in that they indicate
organizations recognize insider threat as the most potentially damaging
component of their threat environments. Interestingly, there is little
indication that most organizations have realigned budgets and staff to
coincide with that recognition.
Losses Due To Insider Threat Are Largely Unknown
Relatively few respondents were able to quantify either real or
potential losses due to insider threat. Organizations often do not spend
money in a critical area if they cannot quantify the losses. This could
explain why insider threat is a concern but not a primary focus.
Incident Response Is Not Focused Primarily On The Insider
Despite recognition of insiders as a common and vulnerable point
of attack, fewer than 20% of respondents reported having a formal
incident response plan that deals with insider threat. The primary focus
of incident response is to recover from an adverse event. Incident
response plans that are focused on external threats might explain why
many organizations struggle to respond to incidents involving insiders.
Detection Of Insider Threat Is Still Not Effective.
More than 60% of the respondents claimed they have never
experienced an insider threat attack. This result is very misleading. It
is important to note that 38% of the respondents said they do not have
effective ways to detect insider attacks, meaning the real problem may
be that organizations are not properly detecting insider threats, not
that they are not happening.
Organizations Must Deal With Both Malicious And Accidental Insider
Threats
When most people hear the term insider threat, they typically think of
the malicious insider, who is purposely causing harm to an organization.
Although this type of insider will always be a concern, the bigger
threat to most organizations is the accidental insider—a legitimate user
whose login has been stolen or who has been manipulated into giving an
attacker access through other means. It is possible that respondents did
not consider those compromised insiders as being part of what is
considered an insider threat. Respondents to the survey most frequently
cited malicious employees (43%) as their biggest concern. It is
promising, however, that the accidental or negligent insider is a very
close second (at 39%), which means organizations are focusing more
resources in the correct area.
GAO Report On
Insider Threat From Federal Workers
- February 14, 2017
Highlights
The GAO released a
report about the the Cyber Insider Threat titled; CYBERSECURITY -
Actions Needed To Strengthen U.S. Capabilities
The report points a finger at "Insider Threats" from federal workers on
the government's vast cyber and computer system, joining
"foreign nations" as a danger to sensitive and classified information
and even personal info.
The GAO also declared frustration with the Obama administration in its
new report, over its failure to implement 1,000 security fixes needed to
close the door to hackers, inside and out. In testimony to Rep. Barbara
Comstock's subcommittee in February 2017, Gregory Wilshusen, director of
information security issues for GAO, hit the government for failing to
act on 1,000 of 2,500 cybersecurity recommendations it has made.
The GAO report, requested by Rep. Barbara Comstock, the northern
Virginia Republican who represents thousands of federal workers, is
blunt in its assessment of the threats to cybersecurity.
"Federal systems and networks are also often interconnected with other
internal and external systems and networks including the Internet,
thereby increasing the number of avenues of attack and expanding their
attack surface," said the report.
"Risks to cyber assets can originate from unintentional and intentional
threats. These include insider threats from disaffected or careless
employees and business partners, escalating and emerging threats from
around the globe, the steady advances in the sophistication of attack
technology, and the emergence of new and more destructive attacks," it
added, pointing a finger to federal insiders.
Source
Increasing Concern
About Insider Threats At US Airports - House Homeland Security Committee
Report -
February 6, 2017
Highlights
The House Homeland
Security Committee Majority Staff has issued a report entitled
‘America’s Airports: The Threat From Within’ that examines employee
screening at the approximately 450 airports in the U.S. under federal
control and found that “much more needs to be done to improve the state
of access controls and mitigate the insider threat facing America’s
aviation sector.”
According to the 21-page report: Approximately 900,000 people work at
these airports, and many are able to bypass traditional screening
requirements that travelers visiting the airports must endure. While the
overwhelming majority of these airport workers take the inherent
responsibility seriously, there are increasing concerns that insider
threats to aviation security are on the rise.
The report – the result of an investigation conducted by Transportation
and Protective Security Subcommittee – continued: The Subcommittee has
worked closely with the Transportation Security Administration (TSA) and
the aviation stakeholder community to examine how we can work together
to improve access controls and employee screening at our nation’s
airports.
“The recommendations outlined in this report, along with the
requirements of the Aviation Employee Screening and Security Enhancement
Act of 2017, which I introduced today, will serve as a roadmap for TSA,
airports, and air carriers to close security vulnerabilities at our
nation’s airports,” Subcommittee Chairman John Katko (R-NY) stated in a
press release about the report.
The Subcommittee “found that a majority of airports do not have full
employee screening at secure access points” and that these airports “are
unable to demonstrate the security effectiveness of their existing
employee screening efforts, which consist largely of randomized
screening by TSA officers or airport law enforcement personnel,”
according to the press release.
The report made nine recommendations that include examining the costs
and feasibility of expanded employee screening, educating aviation
workers on their role in mitigating insider threats, targeting the use
of employee screening to be more strategic, and implementing the Federal
Bureau of Investigation’s (FBI) RapBack Service for all credentialed
aviation worker populations.
Recent examples of insider threats discussed in the report include an
attempt to detonate a bomb at an airport, gun and drug smuggling, and
employees who became involved in terrorist activities overseas. The
complete “America’s Airports: The Threat From Within” report is
available
online.
Healthcare
Data Breaches Report - January 19, 2017
Highlights
-
Data breaches in the
U.S. healthcare field cost $6.2 Billion dollars each year.
-
The average cost of
a single data breach across all industries is $4 Million dollars,
according to a 2016 study from IBM and Ponemon Institute.
-
Approximately 90% of
hospitals have reported a breach in the past two years, and most
breaches are due to employee error.
-
The average HIPAA
settlement fine is approximately $1.1 Million dollars.
-
Data Breach
notification costs $560,000 on average.
-
Costs affiliated
with lawsuits average $880,000.00.
-
Post data breach
cleanup costs average $440,000.00
-
Healthcare
organizations average $500,000.00 in lost brand value after a data
breach, with some estimates reaching $50 Million dollars as an average
amount in lost brand value.
-
Source
Kroll Annual Global Fraud And Risk Report
- 2016 / 2017
Highlights
-
Data 82% of
executives surveyed worldwide experienced a fraud incident in the past
year compared to 75% in 2015.
-
85% of executives reported
at least one cyber incident and over two-thirds reported security
incidents.
-
Fraud, cyber, and security
incidents are now the “new normal” for companies across the world,
according to the executives surveyed for the report, highlighting the
escalating threat to corporate reputation and regulatory compliance.
-
Despite widespread
concerns about external attacks, the findings reveal that the most
common perpetrators of fraud, cyber, and security incidents over the
past 12 months were current and former employees.
-
Six out of ten respondents
(60%) who worked for companies that suffered from fraud identified a
combination of perpetrators that included current employees, former
employees, and third parties. Almost half (49%) said incidents involved
all three groups. Junior staff were cited as key perpetrators in
two-fifths (39%) of fraud cases, followed by senior or middle management
(30%) and freelance or temporary employees (27%). Former employees were
also identified as responsible for 27% of incidents reported.
-
Overall, 44% of
respondents reported that Insiders were the primary perpetrators of a
cyber incident, with former employees the most frequent source of risk
(20%), compared to 14% citing freelance or temporary employees and 10%
citing permanent employees.
-
Adding agents or
intermediaries to this “Insider” group as quasi-employees increases the
proportion of executives indicating Insiders as the primary perpetrators
to a majority, 57%.
-
Over half of respondents
(56%) said Insiders were the key perpetrators of security incidents,
with former employees again the most common of these (23%).
KPMG Report - Global
Profiles Of The Fraudster
- 2016
Highlights
In a recent research report by KPMG, Global Profiles of the
Fraudster, fraud is a global issue. It harms corporate reputations,
costs millions and ruins lives. It's a heavy economic and moral burden
on society. This report analyzed profiles of 750 cyber-crooks
investigated by forensic specialists across 81 countries, and produced
what it calls the "New Face Of Fraud"'
Some Of The
Interesting Facts From This Report
-
69% Were Between The Ages
of 36 and 55
-
65% Were Employed By The
Company That Was Hacked
-
35% Were Executives Or
Directors
-
38% Had Been With The
Company For At Least Six Years
-
38% Described Themselves
As Well-Respected In Their Company
-
62% Colluded With Others
In Their Crimes
How Is Insider Fraud
Accomplished And Why?
-
Creation Of False Or
Misleading Information In Accounting Records : 24%
-
False Or Misleading
Information Via Email Or Another Messaging Platform: 20%
-
Abuse Permissible Access
To Computer Systems: 13%
-
The report highlights
technology as one of the key elements involved in white-collar crimes
across the globe.
-
While personal gain was
the predominant overriding motivation for committing fraud (60%), the
sense of “Because I Can” was third at 27%, according to the report.
-
Source
US
Defense Contract Management Agency - Malicious Or Accidental Insider
Threats Have Caused More Problems In DoD
-
2015
According to the US Defense Contract Management Agency (DCMA)’s director
of operations, the Department of Defense has positioned itself quite
strongly against external cyber threats, but malicious or accidental
insider threats have caused more problems. This was largely because
people within agencies largely “do what they want” and see security as a
form of interference, he said. Additionally, some of the younger
employees have “skills to successfully work around security protocols.”
Ponemon Institute Reports Employee Negligence Leading Cause of Insider
Threats - Could Cost A Company Up To $1.5 Million - 2015
Employee negligence, which may be caused by multitasking and working
long hours, can result in insider threats and cost companies millions of
dollars each year. It can cost a U.S. company as much as $1.5 million
and Germany companies €1.6 million in time wasted responding to security
incidents caused by human error, according to a new survey of IT and IT
security practitioners in the U.S. and Germany. The survey, commissioned
by Raytheon / Websense and independently conducted by the information
security industry leader Ponemon Institute, also revealed that 70
percent of U.S. survey respondents and 64 percent of German respondents
report that more security incidents are caused by unintentional mistakes
than intentional and/or malicious acts.
(Source)
Mandiant Cybersecurity Firm Reports 100% Of Most Recent Incidents
Involved Some Form OF Insider Threat
- 2015
(Source)
Insider Threats To Credit Unions Survey
- 2015
Highlights
-
83% of
surveyed financial institutions admit their biggest concern is
confidential information transferred to unauthorized recipients.
-
52%
say they are worried about sensitive data being transferred by use
of removable media.
-
77% of
all credit unions surveyed said they do not believe or were unsure
if they had complete protection regarding internal data threats.
-
62%
stated they already have security controls in place.
-
Source
Vormetic
Insider Threats To Healthcare Report
- 2015
Highlights
-
92% of
102 U.S.-based healthcare IT decision makers surveyed said their
organizations are either "somewhat" or more vulnerable to insider
threats.
-
49%
felt "very" or "extremely" vulnerable to insider threats.
-
48% of
healthcare organizations experienced a data breach or failed a
compliance audit in the past year.
-
63% of
healthcare IT decision makers said their organizations are planning
to increase spending to offset data threats.
FBI / Department of Homeland Security
Alert
- 2014
Highlights
-
A
recent (2014) FBI and Department of Homeland Security alert
reported
that employees with an ax to grind are increasingly using Internet
cloud services and other computer tools to hack their current or
former companies.
-
Companies victimized by current or former employees incur costs from
$5,000 to $3 million.
-
According to the FBI our nation’s secrets are in jeopardy,
the same secrets that make a company profitable. The FBI estimates billions of U.S. dollars are lost to foreign
competitors every year. These foreign competitors deliberately
target economic intelligence in advanced technologies and
flourishing U.S. industries. External data breaches by cyber
criminals get a lot of attention, but
frequently insiders are recruited by foreign competitors to gather
and steal a
company’s data.
SANS /
Spectorsoft Insider Threat Survey
- 2014, 2015
Highlights
-
74% of
the 772 IT security professionals surveyed said they're concerned
about insider threats from negligent or malicious employees.
-
32%
said they have no ability to prevent an insider breach.
-
28%
said insider threat detection and prevention isn't a priority in
their organizations.
-
44% of
respondents said they don't know how much they currently spend on
solutions to mitigate insider threats.
-
45%
said they don't know how much they plan to spend on such solutions
in the next 12 months.
-
69%of
respondents said they currently have an incident response plan in
place, but more than half of those respondents said that plan has no
special provisions for insider threats.
-
52% of
survey respondents said they didn't know what their losses might
amount to in the case of an insider breach.
-
Source
SolarWinds Survey Investigates Insider Threats
to Federal Cybersecurity
-
2015
Highlights
-
More than half (53%) of federal IT Pros
identified careless and untrained insiders as the greatest source of
IT security threats at their agencies, up from 42 percent last year.
-
Nearly two-thirds (64%) believe malicious
insider threats to be as damaging as or more damaging than malicious
external threats, such as terrorist attacks or hacks by foreign
governments.
-
Further, 57 percent believe breaches caused by
accidental or careless insiders to be as damaging as or more
damaging than those caused by malicious insiders.
-
Nearly half of respondents said government
data is most at risk of breach from employees' or contractors'
desktops or laptops. Top causes of accidental insider breaches
include phishing attacks (49%), data copied to insecure devices
(44%), accidental deletion or modification of critical data (41%)
and use of prohibited personal devices (37%).
-
(Source)
Vormetric Insider Threat Report
- 2015
Highlights
-
93% of U.S.
respondents said their organizations were somewhat or more
vulnerable to insider threats.
-
59% of U.S.
respondents believe privileged users pose the biggest threat to
their organization.
-
Preventing a data
breach is the highest or second highest priority for IT security
spending for 54% of respondents’ organizations.
-
46% of U.S.
respondents believe cloud environments are at the greatest risk for
loss of sensitive data in their organization, yet 47% believe
databases have the greatest amount of sensitive data at risk.
-
44% of U.S.
respondents say their organization had experienced a data breach or
failed a compliance audit in the last year.
-
34% of U.S.
respondents say their organizations are protecting sensitive data
because of a breach at a partner or a competitor.
-
(Source)
U.S. State Of Cyber Crime Survey
- 2014
Highlights
-
The incidents that
typically fly under the media radar are insider events.
-
28% of respondents pointed the finger at
insiders,
which includes trusted parties such as current and former employees,
service providers, and contractors.
-
32% say insider
crimes are more costly or damaging than incidents perpetrated by
outsiders. The larger the business, the more likely it is to consider
insiders a threat; larger businesses also are more likely to
recognize that insider incidents can be more costly and damaging.
-
Only
49% of all respondents have a plan for responding to insider
threats.
-
Source
GAO
Report On Personnel Security Clearances
- 2014
Highlights
-
A Government
Accountability Office (GAO)
report reviewed
the eligibility of individuals accessing classified information.
-
Access to classified
information was revoked in 2009-2013 for more than 18,500 military
and civilian employees and contractors working for the Department of
Defense (DoD), according to an audit. (16,000 Military-Civilian Employees
And For 2,500 contractors).
-
The report examined
the most common reasons for revoking clearances by the DoD for
fiscal year 2013. The top causes for civilian and military personnel
were criminal conduct, involvement with drugs and personal
conduct. Top reasons for contractors were financial considerations
and personal and criminal conduct.
-
The report also
examined revocations by the Department of Homeland Security (DHS),
although only for fiscal year 2013. About 125,000 DHS civilian and
military employees were eligible to access classified information as
of March 2014. DHS revoked eligibility for 113 personnel
during fiscal year 2013 the report said.
Organizations Lack
Training And Budget To Mitigate Insider Threats
- 2014
Highlights
Other
Insider
Threat Reports
DoD Top Management Challenges Report For 2018 (Insider Threat Pages
31-38)
GAO Report: Insider Threats In The DoD - 2015
PERSEREC: Espionage Case Summaries From 1975-2008
PERSEREC: Espionage By Americans From 1947-2007
DoD Insider
Threat Mitigation Report - 1999
Insider Threat Mitigation Requires Senior Management Support
Senior
Management must address the questions below if they are serious
about mitigating the Insider Threat and protecting an organization
assets.
-
Does
your organization have visibility into its employees actions on your
information systems, databases and networks that store intellectual
property, proprietary information and sensitive information?
-
Could
the loss of this information cause your company bad publicity,
damage to your company's reputation and stock prices, cause your
company to face legal action, or put your company out of business?