Insider Threat Study: Computer System Sabotage in Critical Infrastructure Sectors

Abstract: It is difficult to estimate how often companies face attacks from within. It has been suggested that insider attacks are under-reported to law enforcement and prosecutors. Reasons for such under-reporting include an insufficient level of damage to warrant prosecution, a lack of evidence or insufficient information to prosecute, and concerns about negative publicity. Moreover, statistics vary regarding the prevalence of cases perpetrated by insiders compared to those perpetrated by individuals external to the target organizations. The E-Crime Watch Survey™, carried out by the United States Secret Service (Secret Service), the CERT® Program of Carnegie Mellon University's Software Engineering Institute (CERT), and CSO Magazine in spring 2004, elicited responses from 500 security and law enforcement executives on issues related to electronic crimes. Among the 70 percent of respondents who were able to identify whether outsiders or insiders were responsible for an e-crime or intrusion committed in 2003, 71% reported that one or more attacks were known or suspected to have come from outsiders, compared to 29% from insiders. Respondents identified current or former employees and contractors as the second greatest cyber security threat, preceded only by hackers.