[ISN] Cybercriminals, Insiders May Work Together To Attack Businesses

From: InfoSec News <alerts_at_private>
Date: Tue, 16 Nov 2010 00:13:14 -0600 (CST)
http://www.darkreading.com/insiderthreat/security/perimeter/showArticle.jhtml?articleID=228200983

By Robert Lemos
Contributing Writer
DarkReading
Nov 15, 2010 

For 19 months, an employee at Johns Hopkins Hospital allegedly stole 
patients' identities, feeding the information to four outsiders who used 
the data to charge more than $600,000 in goods on store credit. Jasmine 
Amber Smith, 25, has been charged with using her inside access to fuel 
the identity theft ring.

Employees working with cybercriminals might not be the norm for security 
breaches, but it's not a rare crime, either, experts say. It's not 
unusual for cybercriminals to gain inside access through bribery and 
solicitation -- two components of social engineering, according to 
Verizon Business' Data Breach Investigations Report. Social engineering 
accounted for 28 percent of breaches analyzed in the report, with 
solicitation and bribery leading to nearly a third of those breaches.

"These were scenarios in which someone outside the organization 
conspired with an insider to engage in illegal behavior," the report 
says. "They recruit, or even place, insiders in a position to embezzle 
or skim monetary assets and data, usually in return for some cut of the 
score."

While stolen data can cause public relations headaches and lose the 
goodwill of customers, a company's customer data may not be its most 
valuable asset. Companies' proprietary knowledge and corporate secrets 
-- such as business plans, trade secrets, and sales forecasts -- are, on 
average, twice as valuable, according to a March 2010 report by analyst 
firm Forrester Research (PDF). Yet the loss of such data is usually not 
reported, experts say.

[...]


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Received on Mon Nov 15 2010 - 22:13:14 PST

This archive was generated by hypermail 2.2.0 : Mon Nov 15 2010 - 22:20:26 PST