The trend lines for insider attacks are not as dramatic as those for outside attacks. Indeed, they have mostly held steady for a decade. But a 2011 survey found that nearly half of the organizations it polled reported an “insider incident” last year, suggesting the threat remains significant – and perhaps overlooked.
"Companies today are going to greater lengths to keep outsiders and nation-states out of their networks, yet insiders come to work every day,” says Dawn Cappelli, technical manager of the CERT Insider Threat Center, a division of the federally funded Software Engineering Institute at Carnegie Mellon University in Pittsburgh, Pa.
“Most of these malicious insiders do what they do every day," she adds.
During the past decade CERT has documented more than 700 cases of insider cyberattacks by previously trusted people at the computerized heart of many organizations.
The 2011 Cyber Security Watch Survey reported that 43 percent of 607 organizations queried reported an "insider incident" last year. That finding fits between the 2006 peak of 55 percent and the 2005 low of 39 percent.
The report also suggested that insider attacks are in many cases more damaging than outsider attacks. One-third of respondents said they were more costly than other types of attack, whereas 38 percent said attacks by outsiders were more costly.
Insider attacks break down to four main categories:
Ms. Cappelli of CERT has seen it all.