See the startling results of meticulous analysis of hundreds of real life insider attacks and learn about new technologies that are able to detect the anomalous behavior patterns often before fraud occurs.
The analysis results clearly indicate that contrary to the majority of headlines, stealthy insiders pose a huge fraud risk to organizations, flying far under the radar for extended periods of time. These insiders are often senior, trusted staff with privileged access to accounts and valuable data. Alternately, innocent employees become pawns when they fall victim to social engineering or targeted attacks that lead to fraud.
The following questions will be answered:
How can I predict and/or detect an internal attack?
What is the ratio of internal to external fraud attacks and their associated value?
What types of attacks do internal actors carry out and why?
Additional Summit Insight: Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.
Even after the high-profile Edward Snowden leaks of information from the National Security Agency, most organizations still aren't taking insider threats as seriously as they should be. Too many organizations have not yet identified insider threats as being a critical issue. Yet, recent survey data indicates that insider fraud is the biggest threat to an organization.
Tracking and analyzing data that spans years is critical to detecting patterns that may indicate collusion or some other type of insider compromise. A common warning sign of insider fraud is the downloading of files or documents that are not germane to an employee's job.
In this presentation, Michael Theis, Chief Counterintelligence Expert at Carnegie Mellon University CERT Insider Threat Center discusses the types of insider schemes organizations most commonly face and the steps they can take to mitigate these risks. The presentation will:
Discuss types of insider threats and organization faces;
Review data and insights from the 2014 US State of Cybercrime Survey;
Define the types of insider threat activities; and
Provide mitigation strategies.
This session was recorded during the 2014 Fraud Summit Toronto. Additional recordings include:
Field is responsible for all of ISMG's 28 global media properties and its team of journalists. He also helped to develop and lead ISMG's award-winning summit series that has brought together security practitioners and industry influencers from around the world, as well as ISMG's series of exclusive executive roundtables.
Chief Counterintelligence Expert, Carnegie Mellon University CERT Insider Threat Center
Theis is chief counterintelligence expert at Carnegie Mellon's CERT Insider Threat Center. Theis has more than 25 years of experience as a counterintelligence supervisory special agent supporting the U.S. intelligence community, and more than 30 years of concurrent computer systems engineering experience. At Carnegie Mellon's CERT Insider Threat Center, Theis focuses on research and development of socio-technical controls in computational endoparacology. Previously, he was the first cyber counterintelligence program manager for the National Reconnaissance Office, where he served as chief of cyber-CI investigations and operations for more than six years.