Ponemon founder: Inside-out attacks can mirror outside-in attacks


According to the report “2013 Cost of Cyber Crime Study: United States,” the cost, frequency and time to resolve cyberattacks have risen for the fourth consecutive year. HP recently released the results from its global study, conducted by the Ponemon Institute, and the report determined that the most costly cybercrimes—to the tune of $11.56 million per organization annually—are caused by denial-of-service, malicious-insider and web-based attacks.


Keeping ne’er-do-wells out of your enterprise is no easy feat—fighting cybercriminals inside your office is even tougher. Discover Performance recently interviewed Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, to learn more about keeping malicious insiders at bay, whether they are employees, contractors or vendors.


Q: According to the report, malicious insiders are particularly hard to detect and expensive. Why?

Ponemon: We find a lot of organizations don’t think about an inside-out type attack in the same way they think about an outside-in attack, but they could be the same thing. You could have an internal bad guy working with an external bad guy. That combination leads to a very sophisticated, stealthy, and successful attack.


The most expensive attacks—the ones that lead to the theft of very, very valuable intellectual property such as a secret formula or defense design documents—often use that structure, where each party alone wouldn’t have the ability to get to the targeted information so they work in collaboration.


A malicious insider doesn’t have to be an employee. It could be a contractor or a vendor. They don’t necessarily need huge privileges—just a little bit of an edge—and with it they can get to that soft underbelly where there’s lots of information floating around. Companies have a hard time getting to the bottom of the problem when the root cause was a malicious insider.



Q: What are the techniques for detecting those types of attacks, and why aren’t people using them?

Ponemon: It's a surveillance issue. It involves monitoring your environment and trying to understand what people are doing, especially people in critical functions. You don’t have to have privileges to do dangerous things, but the people with privileges can do more dangerous things a lot faster.


So, you need to be looking at people who are doing unusual things and putting patterns together to see whether or not there’s something suspicious going on. This is where SIEM [Security Information and Event Management] or network intelligence technologies become very valuable, because you’re trying to look at different things that maybe look disjointed, and the tool can help you piece it together. It gives you a big picture that you might have something worthy of inspection by the security team.


For the average-size organization, even for a middle market company, trying to do that surveillance manually is very difficult, or nearly impossible. So the tools really matter.  


Another tactic to deal with a malicious insider is to have a bounty program. This means part of your security training is asking your front-line employees to spot suspicious activity, for example, someone in the cleaning crew looking at a computer sitting on someone’s desk. Having a responsible workforce can actually be very, very helpful.


So, it’s not all about technology, but the biggest problem is many companies don’t have the visibility in the network layer. As a result, they’re guessing who’s doing what, or they find problems too late, and that leads to huge costs.


Learn more about the report by signing up for the web event “2013 4th Annual Cost of Cyber Crime Study Results” Oct. 29 at 10am (PT). In Europe, sign up for the web event Oct. 30 at 4pm (GMT), and in Asia, register for the event Oct. 31 at 11am (Sydney).

About the Author
Alec Wagner is a longtime writer & editor, enterprise IT insider, and (generally) fearless digital nomad.
