Cox Communications employee William Bryant recently pleaded guilty to information technology sabotage, having caused the loss of computer, telecommunications and emergency 911 services for thousands of Cox's business and residential customers throughout Dallas, Las Vegas, New Orleans and Baton Rouge.
Bryant faces a 10-year jail sentence and a US$250,000 fine, but the future is less certain for Cox. Although services were fully restored, the incident's effect on Cox's reputation has yet to be determined.
The Cox story, along with recently publicised incidents at NASA, Accenture, Gap and Medco, serves as a harsh reminder that insiders represent a common and often misunderstood threat. Data theft and sabotage can result in hard costs, compliance-related problems, legal fees, productivity loss and, possibly most costly, loss of reputation.
Insider threats are up 17 percent, according to the latest Computer Security Institute survey (a trend echoed by recent surveys by Deloitte and by CSO magazine). As IT and communication systems grow in complexity, so too do the numbers of employees, contractors and managed service providers required to maintain them. The spike in threats is not surprising given the often unfettered and unmonitored access these insiders have to critical corporate networks.
It should be clear that companies need to monitor insiders as aggressively as they do outsiders. However, policing insiders can prove challenging given the privileged access they require to do their jobs. Here are the five most common methods insiders use to access network resources and simple measures enterprise IT can take to protect against the implied threats.