Cyber Threat From Within

Uploaded on 2015-12-02 in NEWS-Cybersecurity News, JOBS-Training, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Even as organizations hunker down for a long and expensive siege against attackers from cyberspace, a determined employee with the right kind of access can be as much of a threat, if not more. Whether disgruntled or dishonest, whether destroying records or stealing intellectual property, it is shockingly easy for insiders to wreak havoc on your most valuable digital assets.

Unprotected data can leave your office on a thumb drive, a laptop, or through a personal email account. Once outside, there are plenty of lively markets for it, both online and off. From competitors looking for trade secrets, to criminals stealing customer data, to rogue states breaching national security — and much more — there is no shortage of buyers for any information that can be monetized.

Far too many organizations are unprepared for insider threats. Their data isn’t properly segmented. Password policies are too lax. Mobile devices are insecure. Access permissions are not adequately policed.

As a result, a company’s crown jewels can be left exposed. Even your most loyal employees — those with no mischief on their minds — will seek out unprotected data simply because it’s there and they can access it. The problem escalates when an employee with personal issues — debts, drug use, family issues, etc. — succumbs to the temptation to turn access into opportunity. And when that employee works in IT, or even runs the IT department, the damage can be catastrophic.

In the face of these threats, data security needs to be taken far more seriously than it too often is. The crown jewels must be walled off, with access strictly limited on a need-to-know basis. Checks and balances must be established — IT, compliance, and cybersecurity must be responsible for watching over each other. Policies for activating and de-activating accounts must be tightened.

Most organizations have neither the resources nor the personnel to assess current practices, recommend the proper changes, and institute the stricter policies and procedures necessary to protect data going forward. Professional help is usually required.

There is no substitute for instilling the basics of data security throughout the organization. Employees need to be trained by experts in the dos and don’ts. They need to know how to create a proper password. They need to know not to share passwords with co-workers. They need to understand the consequences of insider leaks, even if unintentional.

Email, in particular, is a security breach waiting to happen. Email attachments must not be forwarded to personal accounts. Co-mingling of accounts — work and personal on the same device — need to be restricted, if not eliminated. Awareness of spear-phishing and other “social engineering” ploys needs to be taught and constantly reinforced.

If you suspect an insider has been tampering with your data, intense scrutiny — of computer logs, of email traffic, of work processes and procedures — is absolutely essential. The goal is to identify patterns of employee behavior to determine where the breach came from, what damage has been done, and who is responsible.

There are many questions to consider: Who recently accessed a particular shared folder — and why? Who is accessing documents they should not normally be seeing? Is someone from finance copying a strategy statement? Is someone from marketing looking at technical specs? Is someone who has always left the office at 5 pm suddenly staying until 8 pm every night?

Once these questions are answered, there is still a great deal of detective work to do: interviewing personnel, narrowing down suspects, examining motives, figuring out how the breach was carried out. For each step in this process, it is best to engage expert help. Your organization is unlikely to possess the skills to either identify the breach or pin down the suspect.

It cannot be overstated that for any insider incident, the adequacy of the response will be commensurate with the level of advanced preparation. Policies need to be established, procedures tightened, employees thoroughly trained, and remediation plans carefully laid out ahead of time.
Doing these things right may require outside assistance, but once they’re in place, your organization will be in a much better position to prevent breaches in the first place — and to respond to them when they occur.
K2Intelligence: http://bit.ly/1XE2v5Z

« The Road to Measuring and Interpreting Big Data
Russian Financial Cybercrime »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Malwarebytes

Malwarebytes

Malwarebytes provides artificial intelligence-powered technology that stops cyberattacks before they can compromise computers and endpoints.

Fortinet

Fortinet

Fortinet is a provider of network security systems. Our products provide protection against dynamic security threats while simplifying the IT security infrastructure.

ProPay

ProPay

ProPay provides secure payment solutions for organizations ranging from small businesses to large enterprises requiring complex payment solutions.

Schneider Electric

Schneider Electric

Schneider Electric develops connected technologies and solutions to manage energy and process in ways that are safe, reliable and sustainable.

ThreatSTOP

ThreatSTOP

ThreatSTOP is a cloud-based automated threat intelligence platform that converts the latest threat data into enforcement policies to stop attacks before they become breaches.

iONLINE

iONLINE

iONLINE delivers high quality IT services and solutions to businesses in Azerbaijan.

Cyberens

Cyberens

Cyberens provide cybersecurity consulting services in IT sectors relating to defense and space, banking, industrial control systems and IoT.

Aligned Technology Solutions (ATS)

Aligned Technology Solutions (ATS)

ATS manage, monitor, and maintain everything from your network and servers to your workstations and mobile devices, and we do it proactively to eliminate downtime and keep hackers at bay.

Cira Info Tech

Cira Info Tech

Cira InfoTech’s cyber security and network consulting and managed services deliver unmatched talented resources and capabilities required to design and build an agile and adaptive IT environment.

SEIRIM

SEIRIM

SEIRIM delivers cybersecurity solutions in Shanghai China specializing in Web Application Security, Network Security for SME's, Vulnerability Management, and serving as Managed Security as a Service.

StrataCore

StrataCore

StrataCore is a single-source technology lifecycle advocate that works behind IT teams as a strategic partner to help them achieve peak enterprise outcomes.

McKinsey & Company

McKinsey & Company

McKinsey & Company is a global management consulting firm. We are trusted advisor to the world's leading businesses, governments, and institutions.

NetApp

NetApp

The NetApp portfolio includes intelligent cloud services, data services, and storage infrastructure that helps organizations manage applications and data everywhere across hybrid cloud environments.

NASK

NASK

NASK is a National Research Institute under the supervision of the Chancellery of the Prime Minister of Poland. Our key activities involve ensuring security online.

TetherView

TetherView

TetherView provides leading virtual desktop and email security technology to help businesses stand up and manage digital workspaces.

Datos Insights

Datos Insights

Datos Insights is a leading global provider of insights, data, and advisory services to the financial services, insurance, and retail technology industries.