Cyber Threat From Within

Even as organizations hunker down for a long and expensive siege against attackers from cyberspace, a determined employee with the right kind of access can be as much of a threat, if not more. Whether disgruntled or dishonest, whether destroying records or stealing intellectual property, it is shockingly easy for insiders to wreak havoc on your most valuable digital assets.

Unprotected data can leave your office on a thumb drive, a laptop, or through a personal email account. Once outside, there are plenty of lively markets for it, both online and off. From competitors looking for trade secrets, to criminals stealing customer data, to rogue states breaching national security — and much more — there is no shortage of buyers for any information that can be monetized.

Far too many organizations are unprepared for insider threats. Their data isn’t properly segmented. Password policies are too lax. Mobile devices are insecure. Access permissions are not adequately policed.

As a result, a company’s crown jewels can be left exposed. Even your most loyal employees — those with no mischief on their minds — will seek out unprotected data simply because it’s there and they can access it. The problem escalates when an employee with personal issues — debts, drug use, family issues, etc. — succumbs to the temptation to turn access into opportunity. And when that employee works in IT, or even runs the IT department, the damage can be catastrophic.

In the face of these threats, data security needs to be taken far more seriously than it often is. The crown jewels must be walled off, with access strictly limited on a need-to-know basis. Checks and balances must be established — IT, compliance, and cybersecurity must be responsible for watching over each other. Policies for activating and de-activating accounts must be tightened.

Most organizations have neither the resources nor the personnel to assess current practices, recommend the proper changes, and institute the stricter policies and procedures necessary to protect data going forward. Professional help is usually required.

There is no substitute for instilling the basics of data security throughout the organization. Employees need to be trained by experts in the dos and don’ts. They need to know how to create a proper password. They need to know not to share passwords with co-workers. They need to understand the consequences of insider leaks, even if unintentional.

Email, in particular, is a security breach waiting to happen. Email attachments must not be forwarded to personal accounts. Co-mingling of accounts — work and personal on the same device — needs to be restricted, if not eliminated. Awareness of spear-phishing and other “social engineering” ploys needs to be taught and constantly reinforced.

If you suspect an insider has been tampering with your data, intense scrutiny — of computer logs, of email traffic, of work processes and procedures — is absolutely essential. The goal is to identify patterns of employee behavior to determine where the breach came from, what damage has been done, and who is responsible.

There are many questions to consider: Who recently accessed a particular shared folder — and why? Who is accessing documents they should not normally be seeing? Is someone from finance copying a strategy statement? Is someone from marketing looking at technical specs? Is someone who has always left the office at 5 pm suddenly staying until 8 pm every night?
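As an added illustration (not part of the original article), the questions above can be turned into a first-pass review of file-share access logs. The log format, the folder-to-department need-to-know map, and the thresholds are all assumptions made for this example, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample log: timestamp user department action path (assumed format)
SAMPLE_LOG = """\
2024-03-04T09:10:00 alice finance read /shares/finance/q1-forecast.xlsx
2024-03-04T16:55:00 alice finance read /shares/finance/ledger.xlsx
2024-03-05T17:02:00 alice finance read /shares/finance/ledger.xlsx
2024-03-06T16:48:00 alice finance read /shares/finance/q1-forecast.xlsx
2024-03-07T19:55:00 alice finance copy /shares/strategy/2025-plan.docx
2024-03-08T20:05:00 alice finance read /shares/finance/ledger.xlsx
2024-03-06T14:00:00 bob marketing read /shares/marketing/campaign.pptx
2024-03-07T14:20:00 bob marketing read /shares/engineering/widget-spec.pdf
"""

# Hypothetical need-to-know map: top-level share folder -> departments allowed in it
FOLDER_OWNERS = {"finance": {"finance"}, "strategy": {"exec"},
                 "engineering": {"engineering"}, "marketing": {"marketing"}}

def parse(log):
    for line in log.strip().splitlines():
        ts, user, dept, action, path = line.split(maxsplit=4)
        yield datetime.fromisoformat(ts), user, dept, action, path

def review(log, baseline_days=3, late_shift_hours=2):
    """Return (user, kind, detail) findings for an analyst to follow up on."""
    findings, last_seen = [], defaultdict(dict)  # user -> {date: latest hour active}
    for ts, user, dept, action, path in sorted(parse(log)):
        folder = path.split("/")[2]
        # Who is accessing documents they should not normally be seeing?
        if dept not in FOLDER_OWNERS.get(folder, set()):
            findings.append((user, f"cross-department {action}", path))
        hour = ts.hour + ts.minute / 60
        days = last_seen[user]
        days[ts.date()] = max(days.get(ts.date(), 0), hour)
    for user, days in last_seen.items():
        dates = sorted(days)
        if len(dates) <= baseline_days:
            continue  # not enough history to call anything unusual
        # Baseline = median end-of-day activity over the user's first days in the log
        base = median(days[d] for d in dates[:baseline_days])
        for d in dates[baseline_days:]:
            if days[d] - base >= late_shift_hours:
                findings.append((user, "late activity", str(d)))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

Findings like these are leads for the interviews and follow-up described in the article, not conclusions; a legitimate project or deadline can produce the same pattern.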

Once these questions are answered, there is still a great deal of detective work to do: interviewing personnel, narrowing down suspects, examining motives, figuring out how the breach was carried out. For each step in this process, it is best to engage expert help. Your organization is unlikely to possess the skills to either identify the breach or pin down the suspect.

It cannot be overstated that for any insider incident, the adequacy of the response will be commensurate with the level of advance preparation. Policies need to be established, procedures tightened, employees thoroughly trained, and remediation plans carefully laid out ahead of time.
Doing these things right may require outside assistance, but once they’re in place, your organization will be in a much better position to prevent breaches in the first place — and to respond to them when they occur.
K2Intelligence: http://bit.ly/1XE2v5Z
