Stories by Jim Routh and Gary McGraw

The lifestyle hackers

The insider threat, the bane of computer security and a topic of worried conversation among CSOs, is undergoing significant change. Over the years, the majority of insider threats have carried out attacks in order to line their pockets, punish their colleagues, spy for the enemy or wreak havoc from within. Today's insider threats may have something much less insidious in mind -- multitasking and social networking to get their jobs done.
There's a growing risk within most organisations today that is clearly an insider threat but is also clearly not caused by a disgruntled or disillusioned employee. In fact, the new insider threat is more likely to manifest itself as a gung-ho new employee or contractor. And more often than not, the new insider threat is a recently hired twenty-something. We've coined the term "lifestyle hacker" to refer to this new cadre of insider threats. The lifestyle hacker does not have malicious intent. Nevertheless, the lifestyle hacker is highly successful at skirting various corporate controls put in place to protect security-related websites and critical endpoints. The most interesting and ironic aspect of the lifestyle hacker is that he is motivated by the pursuit of productivity, often the very same motivation driving the implementation of various corporate controls (including but not limited to Web proxies, DLP solutions, firewalls, etc.).

Written by Jim Routh and Gary McGraw02 Nov. 09 22:00