The Danger Within: Responding to Unintentional and Intentional Insider Threats
Fraud Summit - San Francisco 2014 - The hackers get the headlines, but behind the scenes the stealthy insiders continue to pose huge fraud risks to banking institutions. And often the fraudsters are senior, trusted employees with privileged access to accounts and competitive data. Register for this session to learn about:
See Also: Addressing the Identity Risk Factor in the Age of 'Need It Now'
- The latest insider threat research - who are the fraudsters, and how are covering up their crimes?
- Unintentional insiders - innocent employees who fall victim to social engineering schemes or targeted attacks that lead to fraud.
- New technology controls to help monitor disparate systems and detect anomalous behavior before fraud occurs.
As defined by the CERT Insider Threat Center within the Software Engineering Institute at Carnegie Mellon University, a malicious insider threat is "a current or former employee, contractor or other business partner who has or had authorized access to an organization's network, system or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity or availability of the organization's information or information systems."
Since 2001, the Insider Threat Center at CERT has conducted research into the threats posed by insiders and has gathered data on hundreds of cases of actual malicious insider incidents, including IT sabotage, fraud, theft of confidential or proprietary information, espionage and potential threats to the critical infrastructure of the United States.
Most recently, the Insider Threat Center has studied the unintentional insider threat, defined as:
"(1) a current or former employee, contractor, or business partner (2) who has or had authorized access to an organization's network, system, or data and who, (3) through action or inaction without malicious intent, (4) causes harm or substantially increases the probability of future serious harm to the confidentiality, integrity, or availability of the organization's information or information systems."
Register for this session to gain the latest insights on malicious and unintentional threats, as well as security solutions that can help detect and deter them.
ISMG's Fraud Summits are one-day events focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges.
All 2014 Fraud Summit San Francisco recordings: