[Owasp-Malaysia] Top Five Insider Attacks of the Decade

Harisfazillah Jamel linuxmalaysia at gmail.com
Mon Jan 17 19:11:43 EST 2011



Final Word

Much of the press coverage given to computer security is focused on
external attackers — for a number of reasons. Internal attacks may
never be discovered, or reported if they are. Unless a company is
required to disclose a breach, it may choose to deal with the attacker
by firing, disciplining, or tightening up security to keep former
employees out.

Many external attacks are wider scale and draw more attention. And,
unlike insider attacks, are probably more likely to be reported to the
authorities — which also draws the attention of the press.

Most employees are not out to harm their employer. However, there's no
way to ensure that's the case with all of an organization's employees
— so the best practice is to be cautious and take the appropriate
steps (see SANS Protecting Against Insider Attacks (PDF) to mitigate
and detect insider attacks).


More information about the Owasp-Malaysia mailing list