Why Monitor?
Organized crime and insider threats are changing the security landscape and provide ample rationale for proactive security monitoring.
The Miscreant Economy and Organized Crime
An enormous amount of money is being stolen every day—enough, in fact, to drive coordination and cooperation within groups of criminals. This illicit partnership has accelerated the development of sophisticated malware (used for this purpose, it’s often called crimeware). Most information security organizations, both government and private, are ill-equipped to handle such threats with their existing technology and processes.
A 2008 study by F-Secure Corporation predicted that the use of malware for criminal activity would increase in countries and regions such as Brazil, China, the former Soviet Union, India, Africa, and Central America. This is due to an abundance of highly skilled people who lack opportunities to use those skills in a legal manner.[6]
Although most of this activity is not directed at corporations, we have seen incidents that exploit knowledge of names or team/management relationships, allowing the creation of very believable phishing emails. This technique is often referred to as spearphishing.
In contrast, the actions of malicious insiders with access to critical information and intellectual property make up what is referred to as an insider threat.
Insider Threats
Studies from the U.S. Secret Service and the U.S. Computer Emergency Response Team Coordination Center (CERT/CC) validate the existence ...