Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft: Protecting the Enterprise from Sabotage, Spying, and Theft [NOOK Book]


The Secret Service, FBI, NSA, CERT (Computer Emergency Response Team) and George Washington University have all identified “Insider Threats? as one of the most significant challenges facing IT, security, law enforcement, and intelligence professionals today.

This book will teach IT professional and law enforcement officials about the dangers posed by insiders to their IT infrastructure and how to mitigate these risks by designing and ...
See more details below
Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft: Protecting the Enterprise from Sabotage, Spying, and Theft

Available on NOOK devices and apps  
  • NOOK Devices
  • Samsung Galaxy Tab 4 NOOK 7.0
  • Samsung Galaxy Tab 4 NOOK 10.1
  • NOOK HD Tablet
  • NOOK HD+ Tablet
  • NOOK eReaders
  • NOOK Color
  • NOOK Tablet
  • Tablet/Phone
  • NOOK for Windows 8 Tablet
  • NOOK for iOS
  • NOOK for Android
  • NOOK Kids for iPad
  • PC/Mac
  • NOOK for Windows 8
  • NOOK for PC
  • NOOK for Mac
  • NOOK for Web

Want a NOOK? Explore Now

NOOK Book (eBook)
$21.49 price
(Save 41%)$36.95 List Price


The Secret Service, FBI, NSA, CERT (Computer Emergency Response Team) and George Washington University have all identified “Insider Threats? as one of the most significant challenges facing IT, security, law enforcement, and intelligence professionals today.

This book will teach IT professional and law enforcement officials about the dangers posed by insiders to their IT infrastructure and how to mitigate these risks by designing and implementing secure IT systems as well as security and human resource policies. The book will begin by identifying the types of insiders who are most likely to pose a threat. Next, the reader will learn about the variety of tools and attacks used by insiders to commit their crimes including: encryption, steganography, and social engineering. The book will then specifically address the dangers faced by corporations and government agencies. Finally, the reader will learn how to design effective security systems to prevent insider attacks and how to investigate insider security breeches that do occur.

Throughout the book, the authors will use their backgrounds in the CIA to analyze several, high-profile cases involving insider threats.

* Tackles one of the most significant challenges facing IT, security, law enforcement, and intelligence professionals today

* Both co-authors worked for several years at the CIA, and they use this experience to analyze several high-profile cases involving insider threat attacks

* Despite the frequency and harm caused by insider attacks, there are no competing books on this topic.books on this topic

Within this text is information to teach IT professionals and law enforcement officials about the dangers posed by insiders to a company's IT infrastructure and how to mitigate these risks by designing and implementing secure IT systems as well as security and human resource policies.

Read More Show Less

Product Details

  • ISBN-13: 9780080489056
  • Publisher: Elsevier Science
  • Publication date: 12/15/2005
  • Sold by: Barnes & Noble
  • Format: eBook
  • Pages: 350
  • File size: 3 MB

Meet the Author

Dr. Eric Cole is an industry recognized security expert, technology visionary and scientist, with over 15 year’s hands-on experience. Dr. Cole currently performs leading edge security consulting and works in research and development to advance the state of the art in information systems security. Dr. Cole has over a decade of experience in information technology, with a focus on perimeter defense, secure network design, vulnerability discovery, penetration testing, and intrusion detection systems. Dr. Cole has a Masters in Computer Science from NYIT, and Ph.D. from Pace University with a concentration in Information Security. Dr. Cole is the author of several books to include Hackers Beware, Hiding in Plain Site, Network Security Bible and Insider Threat. He is also the inventor of over 20 patents and is a researcher, writer, and speaker for SANS Institute and faculty for The SANS Technology Institute, a degree granting institution.

Read More Show Less

Read an Excerpt

Insider Threat

Protecting the Enterprise from Sabotage, Spying, and Theft
By Eric Cole Sandra Ring


Copyright © 2006 Syngress Publishing, Inc.
All right reserved.

ISBN: 978-0-08-048905-6

Chapter One

What Is There to Worry About?

Topics in this chapter:

* The Devil Inside * The Importance of Insider Threat * Why the Insider Threat Has Been Ignored * Why the Insider Threat Is Worse Than the External Threat * The Effect of Insider Threats on a Company * How Bad Is It—Statistics on What Is Happening * Targets of Attack * The Threat Is Real * New World Order * Future Trends


I was sitting at my desk when my phone rang. I answered the phone and it was a large pharmaceutical company who was interested in consulting services. They started off the conversation stating that they had some problems and thought that my company might be able to help. They had noticed a trend with one of their foreign competitors. Every time they went to release a new product (in this case a new drug), one of their competitors would release a similar drug with a similar name several weeks before them and would beat them to market. If you understand the drug industry, you'll know that this is a serious problem. The first company to get a product to market usually is able to obtain a higher market share and higher demand than its competitors. Therefore, this represented a huge monetary loss to the company and the executives were concerned.

This initially sounded like a potential problem but I needed more details. My follow-up question was how often had this occurred and over what time period. The executive I was talking with said it had happened eight times over the prior 12 months. I was sitting there thinking: You think there is a problem? My next question was, "Why did you wait so long to call someone?" Their answer was, "We figured it was just a coincidence, because the only way this could have happened was if an insider was giving the information to a competitor and we trust all of the employees so this could not be the case." Over the next several months they were going to realize how wrong that previous statement was.

I led an internal assessment team and over the course of several months found three different groups of people (each consisting of 2-4 people), working for two different competitors. Actually, one group was working for a foreign competitor and the other two groups were working for a foreign government.

The fact that this story is true is scary, but what makes it even more troubling is that this happened more than 18 months ago and I have worked on and am aware of at least 15 other similar cases. The average monetary loss of the case I worked on was estimated at $350 million annually.

The Devil Inside

"I trust everyone, it is the devil inside that I do not trust," is a great line from the movie The Italian Job. Everyone has the potential do to harm, including your employees. If you look at the minimal background checks that most companies perform on their employees, you have to wonder what that trust is based on. Why is it that once a total stranger is hired at your company, you now completely trust that person? Just because they are now called an employee does not mean they have loyalty to your organization and would do nothing to hurt the company. We do not want you to be so paranoid that your company cannot function, but a healthy dose of paranoia is good.

Aldrich Ames, Robert Hanssen, and other spies had one thing in common: they passed the polygraph (lie detector test) with almost a perfect score. How could a machine that tests whether people are lying not catch the biggest liars that cost so many people their lives? The reason is a polygraph does not detect lies, it detects guilt. In these cases, either the people felt justified by their actions and did not feel guilty about them or they were trained to be able to bypass and deceive people. Only by closely watching people over time will you start to understand that there are certain people who cannot be trusted.

Insider threat and corporate espionage rely on the fact that it is sometimes better to live in denial and be happy than to know the truth and have to deal with it. One of my associates recently found out his wife was cheating on him and was very annoyed with the person who told him. The person who told him said, "Why are you mad at me? Didn't you want to know?" And the person's response was, "No." It was easier to live with a lie than deal with the truth. While most executives might not be bold enough to admit this, it is very true in corporations and governments around the world. It is easier to trust your employees and keep life simple, than to suspect everyone and deal with the complexities it creates. However, if it will put your company out of business, cause hundreds of millions of dollars' worth of loss, or cause people to die, you might think differently about the answer.

Nobody wants to believe the truth, but corporate espionage via the insider threat is causing huge problems. Many companies either do not have the proper monitoring to realize or do not want to admit that it is happening to them. For some reason, with many crimes, including insider threat, victims feel embarrassed and ashamed. They are the victims, they did nothing wrong, but for some reason these criminals turn the tables on who is at fault. I have heard rape victims say that it was their own fault they were raped. I have also heard numerous times that it is a company's fault if they are stupid enough to be a victim to insider threat. With that mentality, who is going to admit that this happened to their company? The only person at fault is the attacker—not the victim.

The Importance of Insider Threat

Organizations tend to think that once they hire an employee or a contractor that that person is now part of a trusted group of people. Although an organization might give an employee additional access that an ordinary person would not have, why should they trust that person? Many organizations perform no background checks and no reference checks and as long as the hiring manager likes them, they will hire them. Many people might not be who you think they are and not properly validating them can be an expensive, if not a fatal, mistake. Because many organizations, in essence, hire complete strangers who are really unknown entities and give them access to sensitive data, the insider threat is something that all organizations must worry about.

If a competitor or similar entity wants to cause damage to your organization, steal critical secrets, or put you out of business, they just have to find a job opening, prep someone to ace the interview, have that person get hired, and they are in. The fact that it is that easy should scare you. Many companies have jobs open for several weeks and it could take a couple of weeks to set up an interview. That gives a competitor focused on your company a four-week period to prep someone to ace an interview. This is what foreign governments do when they plant a spy against the U.S. They know that a key criterion for that person is passing the polygraph, so they will put that person through intensive training so that he or she can pass the polygraph with no problem. This points out a key disadvantage that organizations have. The attacker knows what process you are going to follow to hire someone and all they have to do is prep someone so they ace that part of the process.

In terms of the importance, I often hear people say that it is only hype and that it cannot happen to us. This is synonymous to thinking that bad things only happen to others, they never happen to you; until they happen to you and then you have a different view of the world. I remember several years ago when my father got diagnosed with having a cancerous brain tumor. It shocked me, devastated me, and changed my views forever. Prior to that I knew that people had brain cancer but it was something that I could not relate to or understand because I never thought it could really happen to me or someone I love. Bad things happened to others, not to me. This is the denial that many of us live in, but the unfortunate truth is bad things do happen and they could be occurring right now and you just do not know about it.

Insider threat is occurring all the time, but since it is happening within a company, it is a private attack. Public attacks like defacing a Web site are hard for a company to deny. Private attacks are much easier to conceal.

Because these attacks are being perpetrated by trusted insiders, you need to understand the damage they can cause; how to build proper measures to prevent the attack; how to minimize the damage; and, at a minimum, how to detect the attacks in a timely manner. Many of the measures companies deploy today are ineffective against the insider. When companies talk about security and securing their enterprise, they are concerned with the external attack, forgetting about the damage that an insider can cause. Many people debate about what percent of attacks come from insiders and what percent of attacks come from outsiders. The short answer is who cares? The real answer is this:

* Can attacks come from external sources?

* Can an external attack cause damage to your company?

* Can an external attack put you out of business?

* Can attacks come from internal sources?

* Can an internal attack cause damage to your company?

* Can an internal attack put you out of business?

Since the answer to all of these questions is YES, who cares what the percent is? Both have to be addressed and both have to be dealt with. I would argue that since the insider has access already, the amount of damage they can cause is much greater than an external attacker and the chances of getting caught are much lower. If an attacker comes in from the outside, he has access only to systems that are publicly accessible and he has to break through security devices. If an attacker comes from the inside, she has full access and minimal if any security devices to deal with. As our digital economy continues to grow and the stakes increase, anyone who wants serious access to an organization is not even going to waste his time with an external attack, he is going to go right for the trusted insider.

Finally, to highlight the importance of insider threat, everyone is getting on the bandwagon. The Unites States Secret Service is conducting a series of studies on the insider; conferences are popping up on the subject. Why? Because billions of dollars are being lost and something has to be done to stop the bleeding. You will never be able to completely remove the insider threat because companies need to be able to function. If you fire all your employees, you might have prevented the insider attack, but you will also go out of business. The key is to strike a balance between what access people need and what access people have.

Insider Threat Defined

Since everyone uses different terminology, it is important to define what we mean by insider threat. The easiest way to get a base definition is to break the two words apart. According to, insider is defined as "one who has special knowledge or access to confidential information" and threat is defined as "an expression of an intention to inflict pain, injury, evil, or punishment; an indication of impending danger or harm; or one that is regarded as a possible danger." Putting this together, an insider threat is anyone who has special access or knowledge with the intent to cause harm or danger.

There is a reason that the insider threat is so powerful and most companies are not aware of it; it is because all the standard security devices that organizations deploy do little if anything to prevent the insider threat.

However, as much as we do not want to admit it, this is no longer true (if it ever was). The problem with insider threat is that it takes only one person who is disgruntled and looking for a quick payoff or revenge and your company is compromised. Unfortunately, it is really that easy and one of the many reasons that the problem has gotten so out of hand.

The world is also a different place than it once was. Most people today, by the time they are at the age of 30, have had more jobs than both their parents combined across their entire careers. In the past, people worked for one company for 30 years and retired. Having worked for one company for an entire career builds loyalty. However, today people switch companies fairly often and while most people are not intentionally out to perform corporate espionage, there is a high chance they can inadvertently perform it. When you switch companies, you most likely are going to stay within the same industry, unless you are making a complete career change, which is unlikely. Therefore, the chance that you are going to work for a competitor is very high. This means some of your knowledge from your previous employer, despite your best efforts, will leak over into this new company.


Excerpted from Insider Threat by Eric Cole Sandra Ring Copyright © 2006 by Syngress Publishing, Inc.. Excerpted by permission of Syngress. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.

Read More Show Less

Table of Contents

Part I – Insider Threat Basics
1. What Is There To Worry About? (40 pages)
2. Behind the Crime (60 pages) Part II – Government 3. State and Local Government (40 pages)
4. Federal Government (40 pages) Part III - Corporations
5. Commercial (40 pages)
6. Banking and Finance Sector (40 pages)
7. Government Contractors (20 pages) Part IV –Analysis
8. Profile (30 pages)
9. Response (20 pages)
10. Survivability and Prevention (40 pages)
Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star


4 Star


3 Star


2 Star


1 Star


Your Rating:

Your Name: Create a Pen Name or

Barnes & Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation


  • - By submitting a review, you grant to Barnes & and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Terms of Use.
  • - Barnes & reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing 1 Customer Reviews
  • Anonymous

    Posted October 21, 2006


    Do you know how to prevent employees and contractors from stealing your corporate data? If you don¿t, then this book is for you. Authors Eric Cole and Sandra Ring, have done an outstanding job of writing a book that shows you how to protect your enterprise from sabotage, spying and theft. Cole and Ring, begin with an introduction on how bad the insider threat problem really is and why you should be concerned about it. Then, the authors cover a wide range of technologies and methods that can be used by an insider to cause harm to a company. Next, they discuss unique insider threats to state and local government institutions. The authors continue by drawing your attention to the fact that insiders within the federal government do not just commit espionage. They also discuss various threats to information, such as sabotage and theft, the impact of these actions to the reputation and financial health of organizations, and describe several real-life case studies involving well-known commercial companies. Next, the authors highlight the threat of identity theft and what institutions can do to help prevent insiders from participating in fraud rings. The authors also focus on insider threats from government contractors. Then, they do a profile of insider threats. The authors continue by showing you how to respond to problem of insider threat by looking at technologies and concepts that can be used to control and limit the damage that insiders can perform. Finally, they examine how a company goes about surviving an insider threat and increasing their defenses over time to minimize the amount of damage it will cause. This most excellent book will show you why internal threats are exponentially more dangerous that external threats. More importantly, this book will show you how to protect your most important intellectual property assets.

    Was this review helpful? Yes  No   Report this review
Sort by: Showing 1 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)