Two papers popped up as mentioned on another site I visit. First a paper discussing a number of insider security incidents over the past 8 years involving about 26 insiders at financial institutions. Second, a 4 year old paper from the DoD outlining means of mitigating insider threats.
Snippets shamelessly snagged from the other site in regards to the first paper:
“- Most of the incidents in the banking and finance sector were not technically sophisticated or complex. They typically involved the exploitation of non-technical vulnerabilities such as business rules or organization policies (rather than vulnerabilities in an information system or network) by individuals who had little or no technical expertise. In 87% of the cases the insiders employed simple, legitimate user commands to carry out the incidents, and in 78% of the incidents, the insiders were authorized users with active computer accounts.
– The majority of the incidents (81%) were devised and planned in advance. Furthermore, in most cases, others had knowledge of the insider’s intentions, plans, and/or activities. Those who knew were often directly involved in the planning or stood to benefit from the activity.
– Most insiders (81%) were motivated by financial gain, rather than a desire to harm the company or information system.
– Insiders in this report fit no common profile. Only 23% held a technical position, 13% had a demonstrated interest in hacking and 27% had come to the attention of a supervisor or co-worker prior to the incident.
– Most of the incidents (83%) were executed physically from within the insider’s organization and took place during normal business hours.”