Digital Transformation
Showing results for 
Search instead for 
Did you mean: 

Ponemon founder: Inside-out attacks can mirror outside-in attacks



According to the report “2013 Cost of Cyber Crime Study: United States,” the cost, frequency and time to resolve cyberattacks has risen for the fourth consecutive year. HP recently released the results from its global study, conducted by the Ponemon Institute, and the report determined that the most costly cybercrimes—to the tune of $11.56 million per organization annually—are caused by denial-of-service, malicious-insider and web-based attacks.


Keeping ne’er-do-wells out of your enterprise is no easy feat—fighting cybercriminals inside your office is even tougher. Discover Performance recently interviewed Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, to learn more about keeping malicious insiders at bay, whether they are employees, contractors or vendors.


Q: According to the report, malicious insiders are particularly hard to detect and expensive. Why?

Ponemon: We find a lot of organizations don’t think about an inside-out type attack in the same way they think about an outside-in attack, but they could be the same thing. You could have an internal bad guy working with an external bad guy. That combination leads to a very sophisticated, stealthy, and successful attack.


The most expensive attacks—the ones that lead to the theft of very, very valuable intellectual property such as a secret formula or defense design documents—often use that structure, where each party alone wouldn’t have the ability to get to the targeted information so they work in collaboration.


A malicious insider doesn’t have to be an employee. It could be a contractor or a vendor. They don’t necessarily need huge privileges—just a little bit of an edge—and with it they can get to that soft underbelly where there’s lots of information floating around. Companies have a hard time getting to the bottom of the problem when the root cause was a malicious insider.



Q: What are the techniques for detecting those types of attacks, and why aren’t people using them?

Ponemon: It's a surveillance issue. It involves monitoring your environment and trying to understand what people are doing, especially people in critical functions. You don’t have to have privileges to do dangerous things, but the people with privileges can do more dangerous things a lot faster.


So, you need to be looking at people who are doing unusual things and putting patterns together to see whether or not there’s something suspicious going on. This is where SIEM[Security Information and Event Management] or network intelligence technologies become very valuable, because you’re trying to look at different things that maybe look disjointed, and the tool can help you piece it together. It gives you a big picture that you might have something worthy of inspection by the security team.


For the average-size organization, even for a middle market company, trying to do that surveillance manually is very difficult, or nearly impossible. So the tools really matter.  


Another tactic to deal with a malicious insider is to have a bounty program. This means part of your security training is asking your front-line employees to spot suspicious activity, for example, someone in the cleaning crew looking at a computer sitting on someone’s desk. Having a responsible workforce can actually be very, very helpful.


So, it’s not all about technology, but the biggest problem is many companies don’t have the visibility in the network layer. As a result, they’re guessing who’s doing what, or they find problems too late, and that leads to huge costs


Learn more about the report by signing up for the web event “2013 4th Annual Cost of Cyber Crime Study Results” Oct. 29 at 10am (PT). In Europe, sign up for the web event Oct. 30 at 4pm (GMT), and in Asia, register for the event Oct. 31 at 11am (Sydney).

0 Kudos
About the Author


Alec Wagner is a longtime writer & editor, enterprise IT insider, and (generally) fearless digital nomad.

See posts for dates
See posts for locations
HPE at 2018 Technology Events
Learn about the technology events where Hewlett Packard Enterprise will have a presence in 2018.
Read more
See posts for dates
HPE Webinars - 2018
Find out about this year's live broadcasts and on-demand webinars.
Read more
View all