Source: Gov Info Security
03 Oct 2019

A former U.S. Army contractor has been sentenced to two years in federal prison after pleading guilty to an insider attack that caused over $1 million in damages to a Pentagon client of his employer, according to the Department of Justice.

Barrence Anthony, 40, of Waldorf, Maryland, pleaded guilty in May to a single count of unlawfully accessing a protected computer. On Friday, a federal judge in Virginia sentenced the former systems engineer to two years in prison as well as ordering him to pay $50,000 in restitution, according to court documents.

For several years, Anthony worked as an engineer for Federated IT, a federal contractor that provides technology and support services for a number of different military and federal government agencies, according to the Justice Department.

Increasing Insider Threats

The federal case against Anthony highlights a growing trend of malicious insiders causing damage to the companies that they work for, according to security experts.

Nearly 20 percent of all cybersecurity incidents, as well as 15 percent of data breaches, that happened in 2018 were the result of either an accidental misstep by an employee or malicious behavior by a current or former worker, according to the Verizon 2019 Data Breach Investigations Report. The study adds that malicious insider behavior has increased at least 50 percent since 2015.

The cases of insider threats have intensified as employees have become increasingly mobile and hyper-connected, says Steve Durbin, managing director of the Information Security Forum, a London-based cyber, information security and risk management firm.

“Nearly every worker has multiple, interconnected devices that can compromise information immediately and at scale,” Durbin says.

Durbin added that the network openings that allow outside attackers to burrow in, infect databases and potentially take down an organization’s file servers, overwhelmingly originate with trusted insiders.

“In some cases, those insiders are driven by malicious intent – the desire to enrich themselves through the sale of sensitive data or to retaliate for a perceived slight or mistreatment,” Durbin adds.

Read Full Article