Insider Threat: Your Greatest Risks

Interview with Dawn Cappelli of Carnegie Mellon University's Software Engineering Institute

April 1, 2010.

Insider crimes are among the biggest threats to public and private sector organizations. And yet too many groups continue to struggle to prevent or even detect these crimes.

In an exclusive interview, Dawn Cappelli of Carnegie Mellon University's Software Engineering Institute discusses:

  • Insider threat trends;
  • Biggest challenges for organizations looking to prevent crimes;
  • Steps organizations can take to reduce risk.

Cappelli is Technical Manager for the Threat and Incident Management Team of the CERT Technical Staff at Carnegie Mellon University's Software Engineering Institute (SEI). She has over 25 years of experience in software engineering, including programming, technical project management, information security, and research. She is technical lead of CERT's insider threat research, a CyLab-funded project including the Insider Threat Study conducted jointly by the U.S. Secret Service and CERT. Before joining CERT in 2001, Cappelli was the Director of Engineering for the Information Technology Development Center of the Carnegie Mellon Research Institute (CMRI). Cappelli has a BS in Mathematics and Computer Science from the University of Pittsburgh.

TOM FIELD: What is the latest on the insider threat?

Hi, this is Tom Field, Editorial Director with Information Security Media Group. We are talking about the insider threat today with Dawn Cappelli, Technical Manager for the Threat and Incident Management Team with the CERT Technical Staff at Carnegie Mellon University's Software Engineering Institute.

Dawn, it is a pleasure to talk with you again.

DAWN CAPPELLI: Thank you.

FIELD: Now Dawn, you have got a new role here, so maybe you can tell us a little bit about that and what you are doing with CERT now?

CAPPELLI: Well, I have actually another team under me now in addition to the Insider Threat Team. But I started the Insider Threat Team in 2001, and so it is still going strong. We have actually expanded our work recently. In the past we have been collecting cases, and we continue to collect actual cases of insider threats, but over the past nine years we have been looking at the problem. What is the problem? Who does it? Why do they do it? How do they do it?

Over the past year, we have decided to start looking at solutions, and so instead of just looking at how they do it and why, now we are starting to really work with organizations and vendors on, okay, what are effective mitigation strategies? We have set up an insider threat lab where we are actually hands-on starting to test some solutions, and so we are very excited about the direction that our work is going.

FIELD: Well, Dawn, I want to ask you about the insider threat; it was a huge topic of conversation in 2009. What trends did you see emerge in the past year?

CAPPELLI: Well, we have seen a lot of fraud cases. I actually asked one of our database guys to pull the latest stats of the number of cases that we saw in 2009. Before I give you those stats, though, I just want to point out that a lot of times these cases don't really see the light of day for a while. So I am sure that there are more cases that are going to start hitting the press that happened in 2009, and they are just coming to light now, but of the cases that we collected last year, we have 20 fraud cases.

The fraud cases continue to grow, and you know I have to think that that's probably because of the data breach laws, because now organizations have to report data breaches, and so we keep seeing this upswing in fraud cases. So we had 20 of those; we had 14 cases of IT sabotage, and I still try to point out to organizations that everyone is susceptible to IT sabotage, so this is a crime that no matter what sector you are in, you need to pay attention to; and we had eight cases of theft of intellectual property; and we had 13 cases that we really can't even categorize yet because we just don't have enough information on exactly what they did or how they did it or why they did it.

As far as what sectors we saw hit, the government sector had the most cases. Second was public health, which was pretty interesting because in the past that has not even gotten a very big slice of our pie when we do the breakdown, the pie chart by sector, so public health had a fair number. And then third was banking and finance.

FIELD: Dawn, as we are a quarter of the way into 2010 now, what do you see as the biggest concerns for organizations, particularly in these sectors that you have just identified?
