What's the Inside Attacker Profile?
The United States Secret Service and the Carnegie Mellon University Software Engineering Institute's CERT Coordination Center published an insider threats study report in 2005 which offered critical insights into the mind and motivation of the "inside attacker." According to the statistics gathered, the inside attacker is usually:
- Male
- 17-60 years old
- Holds a technical position (86 percent chance)
- May or may not be married (50/50 chance)
- Racially and ethnic diverse
Sufficiently broad pool? Absolutely. Here are some additional statistics, again from the same CERT study:
- In 92 percent of the incidents investigated, revenge was the primary motivator.
- Sixty-two percent of the attacks were planned in advance.
- Fifty-seven percent of the attackers surveyed would consider themselves "disgruntled."
- Eighty percent exhibited suspicious or disruptive behavior to their colleagues or supervisors before the attack.
- Only 43 percent had authorized access (by policy, not necessarily via system control).
- Sixty-four percent used remote access to carry out the attack.
- Most incidents required little technical sophistication.
No comments:
Post a Comment