Complex Data Associations Profiling an Inside Attacker Setting the Bar Detecting and Reporting Preventing the Inside Attacker What to Look For Litigation and Forensics

A typical U.S. organization loses about six percent of its annual revenue to insider fraud, accord-ing to estimates by the Association of Certifi ed Fraud Examiners and Ernst & Young’s Global Se-curity Survey published in September. In the context of the U.S. gross domestic product for 2003, that amounts to roughly $660 billion.1, 2 Is your company properly protected from insiders who maliciously or unintentionally abuse their systems access to steal secrets, sell personal data or accidentally allow malicious code onto their computers (and hence, into the network)? The recent 2006 CSI/FBI security survey revealed that over 70 % of network abuse is caused by an insider – and this only includes the insiders that were caught, so the actual number could be higher. Carnegie Mellon University (CMU) estimates in a 2006 report that the number of incidents caused by insiders is increasing by 3-5 % annually, which is consistent across organiza-tions of any size. However since many insider attacks go unreported because organizations do not want to publicize the breach or do not know it is happening, these numbers are only esti-mates. Therefore all organizations need to be concerned about rogue or careless insiders doing harm inside their network