El tratamiento de la enfermedad de Alzheimer

There are three common types of crime that insiders commit, namely information technology (IT) sabotage, theft of intellectual property (IP), and fraud, as reported in the literature (Agrafiotis, Erola, Happa, Goldsmith & Creese, 2016; Cappelli, Moore & Trzeciak, 2012; Elmrabit et al., 2015). The three categories of insider crimes will be discussed below.

2.2.3.1 IT sabotage

IT sabotage refers to a case where insiders exploit information technology to harm an individual or an organization directly. Every organization that uses IT to manage its activities is in danger of facing IT sabotage threats. As per the database collected by Computer Emergency Response Team (CERT), in one of the cases an insider destroyed a database of research works on cancer which was never recovered (Cappelli et al., 2012). In another case, critical data of a financial institution was deleted when all servers of the organization were affected by a logic bomb and there was no data for operation when the institution opened for business in the morning.

According to Cappelli et al. (2012) and Elmrabit et al. (2015), these types of attacks are committed by technically sophisticated IT professionals, as system administrators suggest both technical and non-technical solutions to mitigate IT sabotage (Cappelli et al., 2012; Elmrabit et al., 2015; Sanzgiri & Dasgupta, 2016).

A study conducted by Keeney, Kowalski, Cappelli, Moore, Shimeall and Rogers (2005)

affirms that “40% of insiders who have committed IT sabotage have a criminal history, including being involved in violent offenses, alcohol or drug-related offenses and non- financial/fraud-related theft offenses” (p.12). Another suggestion by the authors is that clearly communicating organizational IS security policies are important so that employees will not commit a crime unknowingly, and hence eliminating any excuse for fraudulent behaviour. They also suggest that supervisors should be trained in security

precautions so that they will clearly understand any deviation from normal behaviour to take the necessary action such as sanctioning a potential insider.

One of the technical solutions suggested by the authors is to monitor and eliminate any unknown access paths such as shared accounts and logic bombs and to disable the paths once they are known. Monitoring any change in source codes of the organizational information system is also important. It is very important to secure system logs, as the logs show the activities of the insider. It is suggested that organizations take measures to protect electronic back-ups, as the back-ups may be targeted by insiders and used to recover a system that has been attacked by IT sabotage.

2.2.3.2 Theft of intellectual property (IP)

Theft of intellectual property refers to attempts by insiders to steal the intangible assets created and owned by the organization that is very important to achieve its mission (Cappelli et al., 2012).

Cappelli et al. (2012) compiled a database in which they show previous incidents with stolen intangible assets through theft of IP, including:

• Proprietary software/source code

• Business plans, proposal, and strategic plans

• Customer information

• Product information (designs, formulas, schematics)

In one of the incidents compiled by CERT, an insider stole trade secrets worth $40 million by copying them to removable media. She later used these secrets to start her own business with her husband. In another case, an engineer who was working for a high-tech company stole trade secrets from his organization and initiated similar businesses by acquiring funding from foreign organizations.

According to Cappelli et al. (2012), most of the insiders stole IP not to gain financial advantage by selling it to external parties but rather to gain business advantage to either

start their own businesses or to use it for their work in another organization or to start businesses by partnering with foreign governments and companies.

An interesting finding by Cappelli et al. (2012) is that all of the intellectual property (IP) theft cases were committed not by IT staff like system administrators as most people would assume; rather it was committed by other employees such as scientists, engineers, programmers or salespeople. These insiders committed the crimes by using their authorized credentials and during normal working hours, which makes it challenging to tackle. Cappelli et al. (2012) suggest organizations adopt technical solutions like “digital watermarking, digital rights management, and data loss prevention systems to prevent the problem from occurring” (p.352). It is also suggested that employees who are leaving the organization should be monitored, as most of the cases concerning IP theft were committed by such employees (Cappelli et al, 2012).

2.2.3.3 Insider fraud

Insider fraud, as defined by Weiland, Moore, Cappelli, Trzeciak & Spooner (2010) “is an

insider’s use of IT for the unauthorized modification, addition, or deletion of an

organization’s data (not programs or systems) for personal gain, or the theft of information that leads to an identity crime (identity theft, credit card fraud)” (p.8). This crime will seriously affect the organization as it may lose its customers’ trust; for instance, if the credit card number of a customer is stolen.

In one instance, as compiled by CERT databases, a customer service representative who was responsible for processing health insurance claims intentionally changed the address of medical care providers who rarely filed claims. He then laid a claim on behalf of the medical care providers and later collected $20 million from his fraudulent activities. In another case, a database administrator who was responsible for maintaining the customer records of an insurance company downloaded the personal information of customers, including their credit card details by using removable media in an attempt to take revenge on his organization. He complained that he was not fairly paid for his work.

He also planned on using the database to make money by selling it to online fraudsters. As revenge, he posted the credit card details of the employees in an online newsgroup of fraudsters and also encouraged them to abuse the credit cards. He carried out these fraudulent activities for more than two years until an undercover agent who approached him as a buyer of credit cards caught him.

Like theft of intellectual property, current employees commit this type of fraud while they are performing their normal activities during normal office hours. They compromise their authorized credentials to abuse the system to gain personal benefits rather than achieving the organizational mission. However; the difference between theft of IP and IT sabotage is that insider fraud is committed mostly by lower-level employees and not the middle and upper-level employees. The fraudsters are mainly motivated to gain financial benefits (Cappelli et al., 2012). Another feature of insider crimes is that insider fraud takes a long time to occur. According to the CERT databases, insider fraudulent activities take about fifteen months on average to occur (Cappelli et al., 2012).

With respect to mitigation strategies, Cappelli et al. (2012) suggests that there is a need to focus on prevention, detection and response approach, as with other insider crimes. The preventive approaches should focus on reducing opportunities for crimes to be carried out. For instance, an employee with a criminal history is likely to commit the same crime to his current employees. Thus, there is a need to check the backgrounds of employees before making a decision to hire the employee.

Insider fraud can be detected in two ways, namely by using internal controls and involving external parties’ investigators from law enforcement. The organization may detect insiders in the planning stage, either during insider recruitment or through online execution. In serious fraud cases where external fraudsters are involved, they may cooperate with external law enforcement agencies for undermining the investigation (Cappelli et al., 2012).