
The Danger from Within
By David M. Upton & Sadie Creese
HBR Sept 2014
What does cyber security consist of?
Communication security: protecting the organization's communication media, technology, and content.

Network security: the protection of networking components, connections, and content.

Information security: protection of information and its critical elements, including the systems and hardware that use, store, or transmit that information.
Cyber crime

In cybercrime, the computer is used as an object or subject of crime.
Who are these cyber criminals?
Here are seven common types of cyber criminals.
1) Script kiddies: A wannabe hacker. Someone who wants to be a hacker (or thinks they are) but lacks any
serious technical expertise. They are usually only able to attack very weakly secured systems.
2) Scammers: Your email inbox is probably full of their work. Discount pharmaceuticals, time-shares, personal
ads from available women in Russia. Sound familiar?
3) Hacker groups: Usually work anonymously and create tools for hacking. They often hack computers for no
criminal reason and are sometimes even hired by companies wanting to test their security.
4) Phishers: Gotten an email recently claiming your bank account is about to expire? Don't fall for these jerks.
They want your personal information and, most likely, your identity, by directing you to a phony website.
5) Political/religious/commercial groups: Tend to not be interested in financial gain. These guys develop
malware for political ends. If you think this group is harmless, think Stuxnet. The Stuxnet worm, which attacked
Iran's atomic program at its nuclear facilities, was believed to be created by a foreign government.
6) Insiders: They may only be 20% of the threat, but they produce 80% of the damage. These attackers are
considered to be the highest risk. To make matters worse, as the name suggests, they often reside within an
organization.
7) Advanced Persistent Threat (APT) Agents: This group is responsible for highly targeted attacks carried out by
extremely organized state-sponsored groups. Their technical skills are deep and they have access to vast
computing resources.
http://www.faronics.com/news/blog/7-types-of-cyber-criminals/
Some of the types of Cyber Crimes
Hacking: This is a type of crime wherein a person's computer is broken into so that his personal or sensitive information can be accessed. In hacking, the criminal uses a variety of software to enter a person's computer and the person may not be aware that his computer is being accessed from a remote location.

Theft: This crime occurs when a person violates copyrights and downloads music, movies, games and software. There are even peer sharing websites which encourage software piracy and many of these websites are now being targeted by the FBI.

Cyber Stalking: This is a kind of online harassment wherein the victim is subjected to a barrage of online messages and emails. Typically, these stalkers know their victims and instead of resorting to offline stalking, they use the Internet to stalk.

Identity Theft: This has become a major problem with people using the Internet for cash transactions and banking services. In this cyber crime, a criminal accesses data about a person's bank account, credit cards, Social Security, debit card and other sensitive information to siphon money or to buy things online in the victim's name.

Malicious Software: These are Internet-based software or programs that are used to disrupt a network. The software is used to gain access to a system to steal sensitive information or data or to cause damage to software present in the system.
Recent cyber attacks
Insiders: an unappreciated risk
Causes of growth
Why do insiders do it?
A number of government and private case studies have established that insiders who knowingly participate in cyberattacks have a broad range of motivations:

Financial gain,

Revenge,

Desire for recognition and power,

Response to blackmail,
How to Think About the Problem
Adopt a robust insider policy. This should address what people must do or not do to deter insiders who introduce risk through carelessness, negligence, or mistakes. The policy must be concise and easy for everyone (not just security and technology specialists) to understand, access, and adhere to.

Raise awareness. Be open about likely threats so that people can detect them and be on guard against anyone who tries to get their assistance in an attack. Customize training to take into account what kinds of attacks workers in a particular operation might encounter. Phishing is a common way to gain entry:

Look out for threats when hiring. It is more critical than ever to use screening processes and interview techniques designed to assess the honesty of potential hires. Examples include criminal background checks, looking for misrepresentations on résumés, and interview questions that directly probe a candidate's moral compass.

Employ rigorous subcontracting processes. As the Target breach demonstrates, you must ensure that your suppliers or distributors don't put you at risk, by, for example, minimizing the likelihood that someone at an external IT provider will create a back door to your systems.

Monitor employees. Let them know that you can and will observe their cyberactivity to the extent permitted by law. You cannot afford to leave cybersecurity entirely to the experts; you must raise your own day-to-day awareness of what is leaving your systems as well as what is coming in.
