Insider Risk: What You Don t Know can Lead to Serious Consequences

Transcription

1 Insider Risk: What You Don t Know can Lead to Serious Consequences Dawn Cappelli Vice President, Information Risk Management CISO Office Rockwell Automation PUBLIC INFORMATION

2 Actual Insider Sabotage Case A company is inundated with phone calls from angry customers when their systems suddenly begin to malfunction without warning

3 3 Purpose of this Presentation Make sure this does not happen to you! Insider Risk Program

4 4 My Background Software Engineer, Westinghouse Electric Company Software Engineer, Carnegie Mellon University and the Software Engineering Institute Founder and Director, CERT Insider Threat Center - Carnegie Mellon University Software Engineering Institute Vice President, Information Risk Management, Rockwell Automation 2013-Present

5 Why is Insider Risk Important? Half of employees who left or lost their jobs in the last 12 months kept confidential corporate data 40% plan to use it at their new job One global company found 70% of their employees were taking information with them when they left the company Insider Risk Program The Information Technology sector is the highest in number of Insider Theft of Intellectual Property cases (according to the CERT Insider Threat Center) PUBLIC INFORMATION Manufacturing is 4th highest sector

6 Actual Insider Theft of Information Case Contract software engineer steals source code for the company s next generation product by tricking the security guard after hours.

7 Actual Insider Theft of Information Case Head of an engineering department allegedly was recruited to leave and join another company, and to take trade secrets with him, causing losses of more than $800 million.

8 Insider Cyber Sabotage PUBLIC INFORMATION 8

9 Actual Insider Cyber Sabotage Case A global financial institution cannot serve its customers when 10 Billion files are suddenly deleted from every server in the U.S. right at 9:00 AM when they open for business

10 Actual Insider Sabotage Case Contract system administrator shuts down computers at the power generation facility where he works, even though he had been suspended by his own company.

11 11 Building a Formal Insider Risk Program

12 12 Step #1: Create the virtual team Company Leadership Human Resources Information Technology Insider Risk Team Physical Security Information Security Legal

13 13 The Name is Important! Insider Risk Team

14 14 Step #2: Develop a technology roadmap with IT

15 15 Step #3: Build the foundation with HR and Legal

16 16 Step #4: Establish formal processes

17 17 Step #5: Implement the program globally

18 18 Step #6: Scale the program

19 19 Step #7: Implement continuous risk management Assets Points of Vulnerability High-risk Positions Threats

20 As soon as possible: Participate in the Insider Threat Community Household/ Personal Care Manufacturing / Assembly Heavy Industries Transportation Telecommunications Life Sciences Packaging Food & Beverage Print Publishing Entertainment Financial Research PUBLIC INFORMATION Retail Healthcare Semiconductors / Electronics 20

21 Summary We know insider risk is a significant global problem based on: Industry research Cases that have been in the news We owe it to our employees, customers, and people everywhere who could be impacted if our: Trade secrets are stolen Products are sabotaged If we do not do this: Jobs could be lost Customer information could be compromised Operational impacts at customer sites could have significant consequences

22 Questions?

23 Contact Information Please direct comments and questions to: Dawn Cappelli Vice President, Information Risk Management CISO Office Rockwell Automation