Businesses are busy protecting their corporate networks from malicious outsiders, but many times the attackers are the ones sitting inside the firewall.
The arrest of a rogue stock trader at UBS,
one of the world's largest and most recognized banks, should serve as a wake-up
call to all enterprises that many security threats actually come from inside
their organization rather than from outside, according to several security
London police arrested a rogue
trader with the Swiss bank Sept. 15. In a terse four-line
said the trader is suspected of causing an estimated $2
billion loss due to unauthorized trades. While UBS has not named the trader,
the Financial Times
identified him as Kweku
Adoboli, a director in European equity trading for the Zurich-based bank.
"The matter is still being investigated, but UBS's
current estimate of the loss on the trades is in the range of USD 2 billion,"
UBS said in the statement. No client
positions appear to have been affected.
The bank was working to "get to the bottom of the matter as quickly as
possible, and would spare no effort to establish exactly what has
happened," UBS CEO Oswald Grübel wrote
in an internal memo to staff, a copy of which was obtained by The Washington Post.
The UBS incident echoes what
cyber-security experts have been saying for a while now: insiders are among the
biggest threats facing organizations.
The "continued stress" of the current economic situation is
"exacerbating" the potential for insider threats, Gregory Shannon,
chief scientist at CERT, a federally funded
research center at Carnegie Mellon
University's Software Engineering
Institute, testified at a House Financial Services Financial Institutions and
Consumer Credit subcommittee hearing on Sept. 14.
The Department of Homeland Security even warned organizations in a security
advisory earlier this month that Anonymous may try to subvert "ideologically
dissatisfied, sympathetic employees" to the group's cause. The
collective recently took to Twitter to persuade employees to hand over
information and access to enterprise networks, according to the Sept. 2
Damages inflicted on financial firms by managers, sales staff and other
non-technical personnel averaged about $800,000 per organization, according to
figures collected by Carnegie Mellon's CERT
Organizations are "building walls" around the networks to keep
malicious perpetrators out, but are having difficulty defending against
"potential menaces that are already on the inside of the fence," Shannon
said. Nearly half of all inside attackers at financial services firms conspired
with outsiders, and a third worked with colleagues to commit cyber-crimes,
according to Shannon. Employees have also stolen
intellectual property and sabotaged systems.
"The single takeaway from this news is a reminder that systems access,
while being essential, needs to follow a 'less is more' policy," Brian
Anderson, chief marketing officer at BeyondTrust, told eWEEK
the enterprise from those with the motive and privilege isn't just a function
of mission-critical servers--it should be incorporated in everything you do."
The potential for fraud depends on the amount of trust the employee has,
John Rostern, managing director at Coalfire, told attendees at the InfraGard
Cyber-Defense Summit in New York City
Sept. 14. The riskiest people are often high-level employees, those with
"extraordinary access to assets," Rostern said. Organizations have to
recognize the riskiest people in the organization and monitor activity, such as
performing regular background checks and ensuring they are not abusing their
access-level rights, he added.
"Trust but verify," Rostern said, quoting the phrase made famous
by former president Ronald Reagan.
"Individuals with direct access to core processing centers may be in a
position to steal intellectual property, insider information or data that can
damage the reputation of the company," Gordon Snow, assistant director at
the Federal Bureau of Investigation, testified at the same hearing. Theft of
intellectual property can cost businesses millions of dollars, as competitors
can develop the product and reach the market first, or leak information about
the company's business and financial plans to rivals, Snow said.