Prepare for Insider Onslaught, FIRST Warns Business, Government


One of the world's leading Internet security organizations today warned businesses and governments to prepare for a surge in sabotage, thefts and other cyber-attacks by insiders as disaffected employees retaliate in the wake of the global depression.

The massive web of internet systems on which commerce, finance and government now depend faces insider attacks on an unprecedented scale as alienated victims of the global depression resort to sabotage and fraud for revenge and gain, the world's leading cyber security organization warned today.
As members of FIRST, the Forum of Incident Response and Security Teams, prepared to gather in Japan for their annual conference, its senior officers joined forces to urge organizations large and small to redouble their vigilance and step up protection measures, saying that many were ill-prepared for an onslaught which could prove calamitous.

"One of the greatest security threats of our times is from insiders, as organizations lay off tens of thousands of workers," said Scott A. McIntyre, FIRST steering committee member and representative of the Netherlands-based KPN Computer Emergency Response Team (CERT).
"People know the axe is coming, and the longer employers prolong the swing of that axe the more danger they expose themselves to - either from sabotage or data theft. An employee who thinks he or she is for the chop can start fouling up systems which are critical to the organization, or decide to take an unauthorized pay-off by stealing a mass of data - for example the credit card details of thousands of customers - or do both."

Fellow steering committee member Yurie Ito, Director of JPCERT/CC, Japan, cautioned:
"Don't think you're safer once the employee is laid off and outside the wall. A lot of these people know how the systems work - they have the keys to the castle and they know where the secret doors are. Even when companies think they have taken the necessary steps by removing ID and changing passwords these people have the knowledge and skill that means they still pose a threat. They are extremely dangerous."

London-based Tom Mullen, Security Chief for Telco giant BT, cited a number of precautions which organizations must now take as a matter of urgency.

Exit procedures should be scrutinized and re-scrutinized, especially for employees whose severance was involuntary. "You simply must have thorough exit and monitoring plans in place, and these need to be very specific when you're dealing with employees who had any kind of access to critical systems or data. You have to make sure that under no circumstances can a departing member of staff take any sensitive information out of the organization."

Particularly vulnerable to alienated insiders were any organizations which relied on single security systems or electronic systems only.
Security had to be "layered" to prevent any one individual or group getting too far and too extensively inside internal and external networks - and it was crucial that electronic systems were always backed up by physical security and personnel security controls.

"The threat from insiders is simply not the same as the threat that most companies consider when preparing their security and recovery plans," warned FIRST's Steering Committee chair, Derrick Scholl.

"Many organizations focus on their entry points and regular recovery mechanisms. How is somebody going to get in, what might they steal, and in the worst circumstances, how to restore from backups if outsiders do break in and crash something.

"Sure, an insider is capable of stealing corporate secrets, or customer lists, or destroying computers, but their potential for harm is far worse. Imagine a software company where an insider has the ability to change code in the product without being detected. What if they can also change the backups, or if the changes aren't detected until new backups are made?

"What if the insider altered design documents, or tampered with customer orders? Or ripped out hard drives and corrupted systems just as a big corporation was about to issue its quarterly bills to hundreds of thousands of customers?

"It's a totally different order of threat, and it requires a different way of thinking."

Interpol is among the latest organizations to sign up as a sponsor for the 21st Annual FIRST conference, which is being staged June 28-July 3, 2009, at the Hotel Granvia, Kyoto Station, Kyoto, Japan.

Vincent Danjean, Chief of Interpol's Information Security Incident Response Team, will be a keynote speaker. He says Interpol predicts that levels of cyber attacks and attempted frauds will go on increasing.

Peter Allor, who is IBM Internet Security Systems' Senior Security Strategist, Cyber Incident & Vulnerability Handling, Program Manager Office of the CTO, and FIRST's director of conference liaison, welcomed Interpol's decision to join the list of sponsors.

"Right now we're heading into a dark place where law enforcers and internet security experts are going to have to forget differences of approach and collaborate hard to find a methodology which ends cyber crime fast and still brings criminals to justice," he said.

At past conferences law enforcers and FIRST teams had admitted that collaboration was being impeded by opposing approaches: the priority for internet security practitioners was to prevent attacks or eradicate them as soon as launched; law enforcers wanted to let attacks unfold so detectives could track down the perpetrators.

"But top figures from law enforcement agencies like the US Secret Service, the FBI, Japan's police force and Britain's Serious Organized Crime Agency have told us they can't mount a real fight against cyber-crime without help from emergency response and security teams, so we're very happy - and honored - that Interpol are now confirming FIRST's pre-eminence in the field by coming on board."

Interpol joins, among others, Cisco Systems, Sun Microsystems, Google, BT, and Hitachi on a sponsors list for 2009 which has attracted more big names than ever before in the 21-year history of the FIRST conference.

"Never has there been such overwhelming support from sponsors at this point in the conference cycle," said Derrick Scholl. "It shows that during these troubled and threatening times, companies recognize the need to support our vital work in preserving global information security."

Founded in 1990, FIRST consists of internet emergency response teams from more than 200 corporations, government bodies, universities and other institutions from across the Americas, Asia, Europe and Oceania. It leads the world's fight-back against cyber-crime, sabotage and terrorism, and also promotes co-operation between response teams and law enforcement agencies.

Read about the FIRST Kyoto Conference in full, and sponsor or enroll at
Read more about FIRST at &

