Cyber Threat From Within

Uploaded on 2015-12-02 in NEWS-Cybersecurity News, JOBS-Training, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Even as organizations hunker down for a long and expensive siege against attackers from cyberspace, a determined employee with the right kind of access can be as much of a threat, if not more. Whether disgruntled or dishonest, whether destroying records or stealing intellectual property, it is shockingly easy for insiders to wreak havoc on your most valuable digital assets.

Unprotected data can leave your office on a thumb drive, a laptop, or through a personal email account. Once outside, there are plenty of lively markets for it, both online and off. From competitors looking for trade secrets, to criminals stealing customer data, to rogue states breaching national security — and much more — there is no shortage of buyers for any information that can be monetized.

Far too many organizations are unprepared for insider threats. Their data isn’t properly segmented. Password policies are too lax. Mobile devices are insecure. Access permissions are not adequately policed.

As a result, a company’s crown jewels can be left exposed. Even your most loyal employees — those with no mischief on their minds — will seek out unprotected data simply because it’s there and they can access it. The problem escalates when an employee with personal issues — debts, drug use, family issues, etc. — succumbs to the temptation to turn access into opportunity. And when that employee works in IT, or even runs the IT department, the damage can be catastrophic.

In the face of these threats, data security needs to be taken far more seriously than it too often is. The crown jewels must be walled off, with access strictly limited on a need-to-know basis. Checks and balances must be established — IT, compliance, and cybersecurity must be responsible for watching over each other. Policies for activating and de-activating accounts must be tightened.

Most organizations have neither the resources nor the personnel to assess current practices, recommend the proper changes, and institute the stricter policies and procedures necessary to protect data going forward. Professional help is usually required.

There is no substitute for instilling the basics of data security throughout the organization. Employees need to be trained by experts in the dos and don’ts. They need to know how to create a proper password. They need to know not to share passwords with co-workers. They need to understand the consequences of insider leaks, even if unintentional.

Email, in particular, is a security breach waiting to happen. Email attachments must not be forwarded to personal accounts. Co-mingling of accounts — work and personal on the same device — need to be restricted, if not eliminated. Awareness of spear-phishing and other “social engineering” ploys needs to be taught and constantly reinforced.

If you suspect an insider has been tampering with your data, intense scrutiny — of computer logs, of email traffic, of work processes and procedures — is absolutely essential. The goal is to identify patterns of employee behavior to determine where the breach came from, what damage has been done, and who is responsible.

There are many questions to consider: Who recently accessed a particular shared folder — and why? Who is accessing documents they should not normally be seeing? Is someone from finance copying a strategy statement? Is someone from marketing looking at technical specs? Is someone who has always left the office at 5 pm suddenly staying until 8 pm every night?

Once these questions are answered, there is still a great deal of detective work to do: interviewing personnel, narrowing down suspects, examining motives, figuring out how the breach was carried out. For each step in this process, it is best to engage expert help. Your organization is unlikely to possess the skills to either identify the breach or pin down the suspect.

It cannot be overstated that for any insider incident, the adequacy of the response will be commensurate with the level of advanced preparation. Policies need to be established, procedures tightened, employees thoroughly trained, and remediation plans carefully laid out ahead of time.
Doing these things right may require outside assistance, but once they’re in place, your organization will be in a much better position to prevent breaches in the first place — and to respond to them when they occur.
K2Intelligence: http://bit.ly/1XE2v5Z

« The Road to Measuring and Interpreting Big Data
Russian Financial Cybercrime »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Cyberis

Cyberis

Cyberis are pioneers in customer-focussed information security. Since 2011, we’ve been helping businesses protect their brands, customers and reputation.

Blueliv

Blueliv

Blueliv is a leading provider of targeted cyber threat information and intelligence. We deliver automated and actionable threat intelligence to protect the enterprise and manage your digital risk.

Research Institute in Science of Cyber Security (RISCS)

Research Institute in Science of Cyber Security (RISCS)

RISCS is focused on giving organisations more evidence, to allow them to make better decisions, aiding to the development of cybersecurity as a science.

Data Security Council of India (DSCI)

Data Security Council of India (DSCI)

DSCI is a premier industry body on cyber security and data protection in India, committed to making the cyberspace safe, secure and trusted.

National Defense Industry Association (NDIA) - USA

National Defense Industry Association (NDIA) - USA

The National Defense Industrial Association Cyber Division contributes to US national security by promoting interaction between the cyber defense industry, government and military.

Ericsson

Ericsson

Ericsson is a leading provider of telecommunications services and network infrastructure solutions including all aspects of network security.

Verifi

Verifi

Verifi is an award-winning provider of end-to-end payment protection and risk management solutions.

Cyberhaven

Cyberhaven

Cyberhaven provides rapid enablement for GDPR and CCPA compliance, streamlined data security and modern risk management.

QI ANXIN Technology Group

QI ANXIN Technology Group

QI ANXIN specializes in serving the cybersecurity market by offering next generation enterprise-class cybersecurity products and services to government and businesses.

DarkOwl

DarkOwl

DarkOwl provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data.

Vietnamese Security Network (VSEC)

Vietnamese Security Network (VSEC)

Vietnamese Security Network (VSEC) is an information security company providing website vulnerability scanning and monitoring services.

Neosecure

Neosecure

NeoSecure is a specialist Cybersecurity Solutions and Managed Services provider in Latin America.

Atlantic Data Security

Atlantic Data Security

Atlantic Data Security is skilled in the analysis, recommendation, deployment, and management of all critical components of the security infrastructure.

Allurity

Allurity

Allurity is a group of tech-enabled cybersecurity service providers, comprised of best-in-class experts with a common mission to enable a safe digital world.

HCS

HCS

HCS is an IT Company and Telecoms provider with an experienced team who are dedicated to ensuring our clients business systems are protected.

VAST Data

VAST Data

The VAST Data Platform delivers scalable performance, radically simple data management and enhanced productivity for the AI-powered world.