Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Insider threats are out-of-policy actions taken by individuals with legitimate access to some of the physical, financial and information assets of an organization. They may mishandle assets entrusted to them, or use assets beyond or outside their authorization. Motivations range from simple mistakes and “convenience” workarounds, all the way to deliberate subversion of security systems with intent to harm or defraud.
Losses from insider threats can be spectacular: in just three days in January, 2008, Société Générale lost about €4.9 billion ($7.2 billion at then-current exchange rates). The bank blames a trader—familiar with access controls from years spent in its compliance department —for fraud, forgery, and attacks on an automated system. But less dramatic losses have become almost routine: the Privacy Rights Clearinghouse documents a long and growing list of financial and other personal information breaches, many due to dishonest, vengeful, or merely careless insiders.
Controls and complexity
Login above or Register now and get unlimited access.
Already subscribed but have forgotten your login? Recover your password your here.