In the recent blog posts that I have written, I have stayed with a consistent theme: the Cyber attacker launching an attack directly from outside a business entity into its IT infrastructure. In other words, this can be considered an “Outside Attack”, because it originates in an environment that is external to the place of business or corporation.

But there is yet another kind of Cyber attack that is just as, or even more, deadly than the Outside Attack. This can be referred to as the “Inside Attack”. In these instances, the attack takes place from within the defense perimeters of the business or corporation.

Very likely, it will be an employee, or even a contractor or outside vendor, who has direct access to the critical IT infrastructure. These types of attacks do not get reported as much as outside attacks do, for one reason: Corporate America does not want to look irresponsible in the eyes of its customers or shareholders.

This kind of threat is, in many ways, much harder to combat than a Cyber attacker launching an attack from the outside. With an outside attack, for the most part, there are some telltale signs that a forensics investigation can look for in order to determine the actual origination point of the attack, and perhaps even identify the perpetrator.

But with the inside attack, a direct or outsourced employee can plan their moves in a very quiet and covert fashion. Not only this, but more than likely, they will take their own sweet time to do so, without anybody suspecting anything. Then, when the time is right, he or she will make their move.

Such is the case with SunTrust Bank. Just a couple of days ago, on a conference call, the company announced that an ex-employee, working with a trusted outside vendor, stole records on some 1.5 million customers.

Luckily, it appears thus far that only non-sensitive information was taken: the customer’s name, address, phone number and, in some instances, their account balances. Social Security numbers, account numbers, PINs, user IDs, passwords and driver’s license information, for some reason or another, fortunately were not stolen.

The official press release detailing this can be seen at this link:

As a form of remediation, SunTrust is offering free Identity Protection services, on an unlimited basis, to both existing and new clients. Insider threats are very hard to detect, because even the nicest employee could be planning something. You just never know. A business or corporation can do all of the credit and background checks it deems necessary on new hires and on existing and external employees, but nothing is ever guaranteed.

This is not to say that there are no clues as to who could be planning an Inside Attack, but they are very subtle and difficult to ascertain and detect. It takes an extremely well-trained behavioral expert to see all of this. And of course, this is an extra expense that Corporate America simply does not want to take on, and probably rightfully so.

So what can an entity do? Probably the best line of defense is to maintain a confidential hotline through which suspicious behavior can be reported. That way, if common clues or behavioral traits are appearing, management can then start consulting with a law enforcement agency, such as the FBI. They are probably the best trained to handle these kinds of situations.

Also, be on the lookout for those employees who appear to be unhappy or disgruntled. For instance, if you gave an employee a bad job review or are planning to terminate them, keep a more careful eye on them. If it is the latter, make sure that they return all IT property immediately, and that you quickly disable all of their usernames and passwords so that they cannot get remote access for even the slightest of seconds.
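One way to make that account-disabling step immediate and repeatable is an offboarding script. The one below is an added example, not code from the original post or from SunTrust; it targets an on-premises Active Directory account, assumes the RSAT ActiveDirectory module is installed, and the quarantine OU path and the `$SamAccountName` parameter are placeholders.

```powershell
# Added example: immediate offboarding of a terminated user's AD account.
# Assumes the ActiveDirectory module and an operator account with rights
# to modify the user. The OU below is a placeholder for your own domain.
param(
    [Parameter(Mandatory)][string]$SamAccountName,
    [string]$DisabledOU = "OU=Disabled Users,DC=example,DC=com"   # assumed
)
Import-Module ActiveDirectory

$user = Get-ADUser -Identity $SamAccountName -Properties MemberOf

# 1. Disable the account so no new logons (interactive, VPN, webmail) succeed.
Disable-ADAccount -Identity $user

# 2. Replace the password with a random value so a known or cached
#    credential no longer works even if the account is re-enabled by mistake.
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$newPw = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
Set-ADAccountPassword -Identity $user -Reset -NewPassword $newPw

# 3. Strip group memberships (VPN, file shares, admin groups) so that any
#    token that outlives the disablement carries no entitlements.
foreach ($groupDn in $user.MemberOf) {
    Remove-ADGroupMember -Identity $groupDn -Members $user -Confirm:$false
}

# 4. Leave an audit trail of who offboarded the account and when.
$stamp = "Offboarded $(Get-Date -Format o) by $env:USERNAME"
Set-ADUser -Identity $user -Description $stamp

# 5. Move the object to a quarantine OU where no policy grants remote access.
Move-ADObject -Identity $user.DistinguishedName -TargetPath $DisabledOU

# Caveat: Kerberos tickets and VPN/RDP sessions already established remain
# valid until they expire or are torn down, so also terminate the user's
# live sessions at the VPN gateway and remote-access hosts.
Write-Output "Account $SamAccountName disabled, password reset, groups removed."
```

Run it the moment the termination decision is made, not after the exit meeting, since the post's point is that the window for remote access should be zero.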

This quote sums it up nicely:  “Inside threats are a very real and very significant problem, especially if you’re dealing with an employee who may be disgruntled or who is otherwise motivated to cause the business as much harm as possible. It’s an even harder problem to deal with if the employee was given legitimate, authorized access to critical data at any point as part of their normal job duties.”  (SOURCE: