External attacks—pervasive intellectual-property hacking from China, the Stuxnet virus, the escapades of Eastern European gangsters—get plenty of attention. But attacks involving connected companies or direct employees pose a more pernicious threat. Insiders can do much more serious harm than external hackers can, because they have much easier access to systems and a much greater window of opportunity. The damage they cause may include suspension of operations, loss of intellectual property, reputational harm, plummeting investor and customer confidence, and leaks of sensitive information to third parties, including the media. According to various estimates, at least 80 million insider attacks occur in the United States each year. But the number may be much higher, because they often go unreported. Clearly, their impact now totals in the tens of billions of dollars a year.

Many organizations admit that they still don’t have adequate safeguards to detect or prevent attacks involving insiders. One reason is that they are still in denial about the magnitude of the threat. Over the past two years we have been leading an international research project… Read the rest